Changes are coming to the controversial visa program. But don’t expect the debate over whether the program is good for the economy - or costs U.S. workers their jobs - to end anytime soon. Patrick Thibodeau reports. STORIES BEGIN ON PAGE 4.

The University of North Carolina and other users are taking an enterprisewide view of business intelligence. PAGE 8
Users Get Going On SP2 Rollouts

Corporate deployments of XP security update widen, but IT execs cite lengthy app testing

BY CAROL SLIWA
Many corporate users dragged their feet in testing beta versions of the security-focused Service Pack 2 update for Windows XP and still had plenty of application compatibility testing to do when Microsoft Corp. released SP2 last August.

But a random poll of IT managers conducted by Computerworld last week, plus anecdotal evidence from industry analysts, indicates that far more companies are making significant headway in deploying SP2 or are preparing to do so.

Twenty-three of the 30 users who responded to the e-mail poll said they have started to deploy or have installed SP2 on existing machines, are rolling it out on replacement and new PCs, or are finishing testing and planning work that will enable them to install SP2 in the coming months.

Testing SP2, page 47
Author N. Sivakumar says he didn’t. “When I was
Municipal CIOs, such as Philadelphia’s Dianah Neff, are turning IT into a high-profile, revenue-producing operation. By Matt Hamblen. PAGE 35
Google, other sites to find IT flaws on Web

BY JAIKUMAR VIJAYAN
The growing use of search engines to spread worms or find vulnerable IT targets poses a threat to companies that aren’t careful about the data they make available on the Web, IT managers and analysts said last week.

The cautionary note follows the Feb. 17 release of a new variant of the MyDoom mass-mailing worm, which was programmed to spread itself by harvesting e-mail addresses from search engines such as Google, AltaVista and Lycos.

“The ability of search engines to discover a lot of information that was not necessarily hidden but was a lot less available previously is scary,” said Matt Kesner, chief technology officer at Mountain View, Calif.-based law firm Fenwick & West LLP.

The latest worm was similar to MyDoom-O, an earlier variant that flooded search engines with automated e-mail address search requests last July — briefly disrupting the availability of Google Inc.’s Web site.

In addition, in December a worm called Sanity used Google to identify and attack vulnerable systems by looking for specific text on Web sites powered by an open-source bulletin board application.

The appearance of such worms indicates that “Google hacking”

Hackers, page 16
BY PATRICK THIBODEAU
Next week, the U.S. government will begin accepting H-1B applications from companies that want to take advantage of an increase in the fiscal 2005 visa cap to hire foreign workers who have advanced degrees from U.S. universities. Up to 20,000 new H-1B visa slots are becoming available. Opponents of the cap increase say the graduates being hired will take jobs from U.S. workers, including IT staffers. Supporters argue that foreign workers are important to the country’s economic health. At the core of the debate lies a question that’s likely to re-emerge as the application process begins again: Do H-1B visa holders help or hurt the U.S. workforce?

A Computerworld analysis of wage data from approximately 290,000 H-1B applications filed with the U.S. Department of Labor shows that H-1B salaries declined across the board between the 2001 and 2003 federal fiscal years in a number of IT job categories. They include programming, systems analysis, networking, end-user support and quality assurance. The wage decline mirrored what was happening to the pay of U.S. IT workers — at least until 2003, when the salary trends diverged, according to research firm Foote Partners LLC.

The government’s Labor Condition Application database provides data only on new H-1B visa applicants and visa holders seeking a change of status. In addition, the Labor Department lumps the information into job categories that don’t easily match with jobs in the private sector. Moreover, the government doesn’t track visa holders and doesn’t know the rate at which H-1B visa holders lost jobs in proportion to U.S. workers.

But David Foote, president and chief research officer at Foote Partners, said there was a split in 2003: The salaries of U.S. workers increased, while H-1B wages continued downward. That finding comes from comparing the H-1B data compiled by Computerworld and processed by Eastland Data Systems Inc. with salary information that New Canaan, Conn.-based Foote Partners collected through surveys of about 46,000 private-sector and government IT professionals.

In the category covering data communications and networking jobs, for instance, U.S. salaries rose 6.2% in fiscal 2003, Foote said. H-1B salaries declined 2% during that period, according to the Labor Department data. Foote said U.S. salaries in other IT job categories grew at rates ranging from 1.5% to more than 6%, while H-1B salaries saw declines of 1% to 5%.

In 2003, “the economic recovery began in earnest,” Foote said. Salaries for U.S. workers increased because companies were trying to hold on to IT staffers who hadn’t been laid off during the technology spending downturn, he noted. Meanwhile, offshore outsourcing increased, as did the use of contract companies that rely on H-1B visa workers. Because clients didn’t want contract-labor costs to eat into their offshore savings, contractors had to be competitive, according to Foote. “If they can’t convince the client of theirs to pay more for the talent, then they just have to get the talent cheaper,” he said.

The fight over H-1B visas ultimately revolves around the opinions and experiences of IT managers and workers. Jesus Arriaga, CIO at Keystone Automotive Industries Inc., an auto parts distributor in Pomona, Calif., is among those questioning the need for more H-1B visas. In prior jobs in California in the late 1990s, he worked at companies that used H-1B workers, who were typically paid less than their U.S. counterparts. “It’s just like offshoring,” he said. “You're probably going to get similar skills at a lesser cost.”

Nonetheless, Arriaga said that at Keystone, he’s more interested in hiring U.S. workers, “especially when you have colleagues that have not found work.” When U.S. workers “get bypassed because other foreign workers are coming in and taking their jobs, I don’t think that’s right,” he said.

Russell Lewis, CIO at GFI Group Inc., a New York-based financial services firm, has hired H-1B workers as full-time employees and has sponsored them for permanent residency green cards. Lewis said that his goal is to hire the best person for a particular job and that he has seen no savings in hiring H-1B workers full time.

“By saying, ‘Well, the H-1B workers bring a cheaper labor force to the U.S., typically, our experience is that it doesn’t do that,” Lewis said.

Some H-1B workers attribute wage problems to IT contractors — sometimes called “body shops.”

A Labor Department employee who works in the H-1B program and asked that his name be withheld said most complaints concern contractors who either paid H-1B employees below the prevailing wage or “benched” them, meaning they weren't paid between contracts.

Rajiv Dabhadkar, a former H-1B visa holder and IT programmer who returned to India last year, said he was always paid below prevailing wage levels by contractors. In addition, he once found out that he wasn’t receiving medical insurance even though there was a paycheck deduction for the benefit.

“I’ve been really hurt by the visa system,” said Dabhadkar, who formed a group in Mumbai, India, called NoStops.Org that provides call center support to H-1B and other tech workers.

The 20,000 additional H-1B visas will become available on March 8. Other changes to the H-1B program will also go into effect in the next few weeks, including a revamping of the government-mandated two-tiered prevailing wage system under which visa holders are paid.

H-1B workers are supposed to be paid a prevailing wage, based on state, federal or private-survey employment data. Most companies use federal or state salary data, according to immigration attorneys, who said the current system doesn’t give employers much flexibility — often forcing them to pay a wage that is higher than an employee’s skills and training warrant.

On March 8, the law will be changed to allow four tiers of pay in each prevailing wage category, enabling companies to pay H-1B visa holders something between the top and bottom levels of the prevailing wage scale.

“It has been a virtual nightmare dealing with a two-tier system,” said David Nachman, an immigration attorney in Saddle River, N.J. “What we’re seeing now is [that] finally the Department of Labor is coming to an understanding of what the real world is.”

But Ron Hira, an assistant professor of public policy at the Rochester Institute of Technology in New York, said the four-tier system “will only push wages down... for many of those workers that were probably in between the two [tiers].”

Another change next month requires employers to pay 100% of a prevailing wage for new and extended H-1B petitions. That rate is now 95% of the prevailing wage. Also, the fees for an H-1B application, including the cost of accelerated processing, will rise from $185 to $3,185.

Frida Glucoft, a partner at Mitchell Silberberg & Knupp LLP in Los Angeles and chair of the law firm’s immigration department, said the prevailing wage and application fee increases will likely discourage some companies from hiring H-1B workers.

Still, Glucoft expects the 20,000 new visas approved by Congress last fall to be gone in a week.

H-1Bs Help U.S. [...]

Did I Steal Your Job? Debugging Indian Computer Programmers [...] account of his experiences as an H-1B worker in the U.S. The book offers an inside look at the visa program and lays out a case for its use by employers. In an interview with Computerworld, [...]

The first part of your book title is very in-your-face. What are you trying to accomplish with that?
A lot of people think that people like me came here and stole the jobs. People really [...] H-1B visa holders brought to this economy. The book is about Indian [...] visa holders. It’s about abuse from the other side - abuse that nobody wants to talk about in public [...] whenever I go online, I see a lot of [...] Also, if you look at programs like [...]

Opponents believe H-1B visa [...] down the wages of U.S. IT workers. What's your view?
[...] abuse H-1B visa users - they bring in people for very low cost. But not [...] is brought in to fill a gap. I came here as an electronic design automation program- [...]

Do major companies pay [...] the body shops?
The body shops are the ones who pay low. When I was hired, I was paid [...]

Of the total number of H-1Bs in [...] you believe work at IT contractors?
The major body shops employ about 10% to 15% of the H-1Bs, but big companies like Microsoft, Oracle, Cisco hired the rest - those folks don't abuse them. Those folks pay the right salaries and give all the benefits [...]

[...] increasing the supply of workers, shouldn't [...] find jobs feel some resentment?
An H-1B worker should not replace an American worker. . . . That's ethically wrong, lawfully wrong - it's wrong from any angle. When I [...]
Science Graduate Programs

An argument cited by H-1B supporters for raising the visa cap stems from the high number of foreign students - especially from China and India - who come to the U.S. to study.

Foreign student enrollments account for about 70% of the master's and Ph.D. computer science students at Texas Tech University, according to John Borrelli, dean of the graduate school at the 28,000-student university in Lubbock. Last year, the number of foreign students who applied for graduate admissions was more than three times the number of U.S. residents who did so, Borrelli said.

In 2001, the most recent year for which figures are available, foreign students made up nearly 60% of graduate enrollments nationwide, according to the National Science Foundation.

Borrelli said U.S. students aren't as interested in engineering and science studies as foreign students are. “We are not preparing our students out of high school to compete in the area of science and engineering very well,” he said.

Most of the students enrolled in the New Jersey Institute of Technology's graduate program are foreign nationals. The Newark-based school has so far received 208 applications for admission in computer science master’s degree programs next year, with about 165 of those applications from foreign students, said Stephen Seideman, dean of the school's college of computing science. The foreign students “will do everything they can to stay here,” he said.

Typically, foreign graduates of U.S. universities get a one-year training visa after graduation and then seek an H-1B visa.

Rock Regan, former CIO for the state of Connecticut, said state agencies typically don’t hire H-1B visa holders because of political concerns. But Regan thinks U.S. schools are “not putting out the number of qualified workers that the industry needs.”

Despite the addition of 20,000 more visas for the current fiscal year, the H-1B cap is still less than half of its 195,000-visa peak. Regan suspects that the reduced number of visas will encourage offshore outsourcing of IT jobs. Offshoring “will become more of a reality if people can't get the talent here in the U.S.,” he said.

Opponents see any increase in the number of visas as having an impact on the prospects of U.S. students. Norman Matloff, professor of computer science at the University of California, Davis, and a longtime critic of the H-1B visa program, said it’s largely a matter of supply and demand. The more H-1B workers there are, the less opportunity there is for his students, Matloff said.

- Patrick Thibodeau
Exec: HP Needs Gerstner Clone

If Hewlett-Packard Co. could clone IBM's former CEO Lou Gerstner, the beleaguered company would have the leader it needs after Carly Fiorina’s ejection as CEO and chairman earlier this month, said HP Executive Vice President Mike Winkler. “We want strong operational leadership and hands-on execution capability,” he said. (For more details, go to our Web site: QuickLink 52848.)

IBM Restates 2004 Services Revenue

IBM reduced the 2004 revenue figure for its Global Services unit by $260 million after discovering improper sales of third-party hardware at its Japanese unit, the company said in a U.S. Securities and Exchange Commission filing. A review of third-party agreements discovered that “certain IBM Japan employees acted improperly and inconsistently with IBM’s policies and practices,” IBM said.

EDS to Shutter 21 Data Centers

Electronic Data Systems Corp. plans to close 21 data centers in an effort to cut costs. EDS said it will close 17 centers in the U.S. and four in Europe. The outsourcer announced late last year that it planned to cut 15,000 to 20,000 jobs over the next two years.

Qwest Sweetens Its Bid for MCI

Qwest Communications International Inc. made a new bid for MCI Inc. in an effort to lure MCI away from rival Verizon Communications Inc. Qwest’s new $8 billion offer matches its Feb. 11 bid but guarantees the purchase price and would allow a faster payout to MCI stockholders than its previous bid. MCI executives have accepted a $6.7 billion bid from Verizon, but Verizon’s bid doesn’t guarantee the purchase price.





SAP Brings Mercury Into NetWeaver’s . . .

. . . application development orbit. According to Christopher Lochhead, chief marketing officer at Mercury Interactive Corp., the Mountain View, Calif.-based company’s LoadRunner application stress-testing tool should be fully integrated into SAP AG’s NetWeaver application development and integration suite by Q2. That means programmers working with NetWeaver will get to run LoadRunner’s tests, at no extra cost, to determine how well their applications will perform under ever-increasing workloads. Although SAP paid Mercury to port LoadRunner to NetWeaver, Lochhead insists this isn’t simply work for hire. He expects the deal to increase adoption of NetWeaver and Mercury’s other testing tools. Mercury saw a 144% increase in sales of its J2EE application-testing software last year, Lochhead claims. Most of the sales were for IBM’s WebSphere and BEA Systems Inc.’s WebLogic product lines. But, he says, NetWeaver is gaining ground.

Sort through millions of security events. . .

. . . daily in a flash while keeping an eye on compliance issues. So promises Rani Merritt, senior vice president at ArcSight Inc. in Cupertino, Calif. She claims that ArcSight’s Enterprise Security Manager software can sift through more than 100 million security alerts from network devices in a single day and, in real time, determine which alarms you need to care about. Later this year, the company will deliver prepackaged agents for Oracle Financials to help users oversee their adherence to regulations. For example, ArcSight plans to ship in May an agent designed to help health care providers stay in line with the data privacy mandates of the Health Insurance Portability and Accountability Act. In Q3, it plans to add an agent that supports compliance with the Sarbanes-Oxley Act. Merritt also hinted at another possible ArcSight event in 2005 — the company’s initial public offering.

Bookmark an IT tool kit in your. . .

. . . browser by adding Information Technology Toolbox Inc.’s Web site to your favorites list. Dan Morrison, CEO of Scottsdale, Ariz.-based ITtoolbox, claims that his online resource for all things IT is different than, say, Computerworld.com or Google. For one thing, he says, the blogs and forums are written by technology practitioners, not lowly journalists. And trying to locate good advice is less dicey than it is via Google searches, Morrison claims. “Rather than help people find a needle in a haystack, ITtoolbox is providing a stack of needles,” he says pithily. Although with 850 discussion groups active on the Web site, that’s a lot of needles to sort through. Expect ITtoolbox to add support for Wikis — those Web pages that let anyone contribute thoughts on a subject. Morrison was coy as to when they might appear, but you should see them before the end of the year.

“As long as I count the votes, what. . .

. . . are you going to do about it?” That was Boss Tweed’s question to those wondering about the veracity of a 19th century election in New York. Today’s Web analytics “experts” could ask the same question of marketers, who seek objective insights into usage data from their Web sites. Perhaps the Web Analytics Association (WAA) in Washington will help. At least, the new industry group might bring consistency to the methods that Web traffic analysts use to tally their numbers. For example, “conversions” aren’t counted the same way on most sites. Worse, the word doesn’t even mean the same thing on different sites. Jim Sterns, the WAA's president, says the group “needs to prove itself to end users and overcome end-user skepticism.” Sterns thinks it’s essential that Web analytics users speak the same language — and count the same way. That’s why the WAA's first project will be developing standard definitions and methods for Web analytics. Sterns hopes that the bulk of the work will be done by 2006. He says that given the volatile nature of both technology and language, the standard definitions “will be a live document.” But counting methods, one hopes, will be written in stone. You [...]

Secure your remote user access...

. . . using Active Directory. Of course, you'll need a third-party tool, such as the secure messaging appliances from enKoo Inc. in Fremont, Calif., according to enKoo CEO Ajit Deora. “Active Directory has a very primitive level of authentication,” Deora claims. This week, enKoo plans to release an upgrade that lets its appliances use existing Active Directory lists to authenticate users on SSL VPNs that the devices set up. An enKoo 2000 appliance starts at under $3,000.
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BI Tools Gain Higher | 
Rank in Enterprises 


Companies seek to 
provide more data 
to more users 


BY HEATHER HAVENSTEIN 
USINESS intelligence 
tools are pushing 
deeper into the enter- 
prise as companies 

use them in projects ranging 

from large-scale user deploy- 
ments to systems that supply 
key data to executive decision- 
makers. 

Many companies are replac- 
ing disparate reporting tools 
with enterprisewide technol- 
ogy while adding corporate 
performance management 
(CPM) software to boost the 
visibility of transactional data. 

For instance, the University 
of North Carolina system, 
which consists of 16 public ed- 
ucational institutions, chose 
Information Builders Inc.’s 
WebFocus technology for en- 
terprise reporting that will 
eventually be used by more 
than 200,000 users. 

Chapel Hill, N.C.-based 
UNC has completed 30% of a 
project launched in September 
to replace several different 
tools, including Crystal Re- 
ports from Business Objects 
SA, on its various campuses, 
said Vijay Verma, UNC’s asso- 
ciate vice president for infor- 
mation resources and associ- 
ate CIO. 


Vendors Respond 
Meanwhile, vendors are mov- 
ing to meet user demands for 
new BI tools that can link dis- 
parate sources of performance 
data. 

Hyperion Solutions Corp. 
this week will unveil its Com- 
pliance Management Dash- 
board, which marries internal 
control data with financial 
data to help companies track 
compliance with the Sarbanes-Oxley Act. The new dashboard will accompany the unveiling of a new version of Hyperion’s performance management offering.

Earlier this month, Actuate 
Corp. rolled out the Actuate 
Financial Performance Man- 
agement Suite. 

Spectra-Physics Inc., a 
Mountain View, Calif.-based 
manufacturer of laser systems, 
has been using an earlier ver- 
sion of Hyperion’s perfor- 
mance suite to integrate in- 
ventory data from multiple 
systems into dashboards. 

“The [dashboard] applica- 
tion provides summary and 
detail-level visibility to inven- 
tory worldwide,” said Mark 
Rowell, Spectra’s IT director. 

Toronto-based Labatt Breweries of Canada is deploying CPM tools from Ottawa-based Cognos Inc. to give sales, marketing and finance organizations across the country access to data pulled from 11 systems and 74 transaction sets.
The company went live with 
the first phase of its deploy- 
ment in October, said Michael 
Ali, Labatt’s enterprise BI 
manager. 

“We are trying to drive tar- 
geted performance manage- 
ment — getting everybody 
looking at the same things... 
throughout the chain of com- 
mand, down to the territory 
manager,” Ali said. 

Blue Cross and Blue Shield of Kansas City in Missouri next month will migrate to the Business Objects XI BI and performance management platform to replace four reporting products for 275 users, said BI architect Erik Brokaw. The health care organization expects the system to support as many as 450 users by the end of March.

Blue Cross and Blue Shield of Kansas City will also use Business Objects’ CPM tools to begin giving executives access to consolidated analytics via dashboards. @ 52827





Microsoft Unveils SQL Server 2005 Offerings 


BY MARC L. SONGINI 
Microsoft Corp. last week 
took the wraps off its next- 
generation SQL Server 2005 
database lineup. 

The SQL Server 2005 family, 
code-named Yukon, includes 
four editions — Enterprise, 
Standard, Workgroup and Ex- 
press — priced at up to 25% 
more than comparable offer- 
ings in the older SQL Server 
2000 line. The new systems 
will ship this summer. 

A Microsoft spokeswoman said the price increases can be traced to new features in the offerings and contended that the products carry lower price tags than similar ones from rivals IBM and Oracle Corp.

Moreover, Microsoft point- 
ed out that it offers multicore 
processing licenses, or per- 
processor charges, that cut 
price/performance costs. 

In addition, SQL Server 
2005 will allow users to ex- 
ploit passive fail-over capabili- 
ty at no extra charge, the com- 
pany said. 

At the high end of the new lineup, the SQL Server Enterprise product includes business intelligence, data mirroring and other advanced capabilities, the company said. These features will let users buy for one price — $24,999 — a full-featured database without having to purchase multiple add-on products, said Tom Rizzo, director of product management for SQL Server.

In addition to the advanced 
data-mirroring capabilities, a 
snapshot feature lets the data- 
base constantly create snap- 
shots of its configuration and 
thus report any changes to its 
backup system, Rizzo said. 
Managers can also create vir- 
tual partitions within the ap- 
plication, he said. 


Immediate Gains 
The reporting capabilities in 
the Enterprise edition have 
already allowed users at beta- 
tester Summit Partners to re- 
tire older analytical tools, said 
Damien Georges, manager of 
database applications at the 
Boston-based private equity 
firm. The new SQL Server re- 
placed a mixed system built 
around Microsoft Access and 
software from Actuate Corp. 
and Crystal Decisions Inc., he 
said. 

The package boosted performance times while cutting software costs by more than $100,000 because SQL reporting costs are already bundled into the existing license, Georges said.

In March, Summit plans to 
upgrade a SQL Server 2000 
system that powers its Siebel 
Systems Inc. CRM application 
to SQL Server 2005. The com- 
pany wants to change to the 
Enterprise or Standard edition 
to enable it to implement a 
disaster recovery plan that 
includes database mirroring 
to a redundant server. 

In addition to SQL Server 
2005 offerings, Microsoft also 
released a new SQL Server 
2000 Workgroup Edition with 
the same capabilities as its 
SQL Server 2005 counterpart 
but based on the older sys- 
tem’s functionality. That ver- 
sion will ship by midyear. 

Mainstream support for 
SQL Server 2000-based offer- 
ings will end two years after 
SQL Server 2005 ships. Extended support will end five years thereafter, Microsoft said. @ 52821
Oracle Grid

All Your Databases In a Grid

✓ No wasted capacity
✓ No wasted money
✓ No single point of failure


Oracle Grid 
It’s fast... it’s cheap... 
and it never breaks 


ORACLE 


oracle.com/grid 
or call 1.800.633.0753 


Note: ‘Never breaks’ indicates that when a server goes down, your system keeps on running. 


Copyright © 2005, Oracle. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. 
BEA Finally Joins
Eclipse Foundation


BEA Systems Inc. said it will join the Eclipse Foundation for open-source development tools and base its integrated development environment around the Eclipse standard. BEA’s membership represents a turnabout for the company, which had long been a holdout. BEA cited in its decision IBM's divestiture of Eclipse and its market victory over the rival NetBeans open-source tools initiative led by Sun Microsystems Inc.


Sonoma Demand 
Outstrips Supply 


Intel Corp. has been unable to keep up with demand for Sonoma, the notebook technology it introduced in January, a spokeswoman confirmed. “As a result of strong demand, we are somewhat lean on Sonoma component inventory,” she said. Sonoma, the latest update to Intel’s Centrino package, includes the Pentium M processor, the Alviso chip set and the Intel Pro/Wireless chip for 802.11 Wi-Fi.


Microsoft Buys
Axapta Tool Kit


Microsoft Corp. has purchased from one of its partners a tool kit intended to simplify deployment of its Axapta software for managing finances, supply chains, employees and other business resources. Microsoft bought the ERP Complete tool kit from En’tegrate Software LLC. Terms of the sale weren’t disclosed.


Hitachi Cuts Price
Tag for Microdrive


Hitachi Global Storage Technologies Inc. has started shipping a new version of its 1-in. Microdrive hard disk drive, which can hold 50% more data than its current highest-capacity model. The 6GB version of the drive costs $299, compared with the $499 price of past Microdrive products. The company is also lowering the price of its 4GB Microdrive to $199.


HP to Integrate AppIQ Suite
Into Storage Management


Will repackage resource manager as
Storage Essentials SRM by month’s end


BY LUCAS MEARIAN
Hewlett-Packard Co. today will announce plans to integrate its Systems Insight Manager server management platform with a storage resource management (SRM) suite from AppIQ Inc.

HP joins Hitachi Data Systems Corp., Sun Microsystems Inc. and Silicon Graphics Inc., which have signed similar agreements with AppIQ over the past year to repackage the StorageAuthority SRM suite.

However, AppIQ Chief Technology Officer Ash Ashutosh said the agreement with HP is more wide-ranging and calls for a much tighter integration with HP’s systems management platform.

Eric Craig, managing director of the technology division at Continental Airlines Inc. in Houston, said having an integrated view into his entire hardware environment could reduce the number of storage administrators he needs by handing systems oversight off to operator-level employees.





“The more I can streamline 
my tool set and the fewer 
[management interfaces] I 
have to handle, the more I can 
take operator-level skill sets 
and throw them into watching 
these kinds of tools,” said 
Craig, whose 150TB storage- 
area network (SAN) is mostly 
HP, along with some Network 
Appliance Inc. and Sun stor- 
age systems. 

The Storage Essentials SRM suite — HP’s moniker for the AppIQ software — will be available March 28 to 50,000 Systems Insight Manager users for $2,000 to $60,000, depending on the installation. The suite marks HP’s first combined server and storage management application. The SRM suite will be integrated into Systems Insight Manager by the end of this year.

Modules include server, storage provisioning, chargeback, business application mapping
Priced from $2,000 to $60,000, depending on the management modules used


The integrated system will 
deliver basic SAN manage- 
ment, as well as modules for a 
variety of tasks, such as stor- 
age provisioning and applica- 
tion infrastructure monitoring 
across the ProLiant, Integrity 
and HP 9000 server lines and 
HP’s storage-array lines. 

While Storage Essentials 
will offer management of 
EMC, Hitachi, Sun and IBM 
storage systems at a basic dis- 
covery and provisioning level, 
Craig said he isn’t interested 
in heterogeneous SAN man- 
agement, because it’s too 
complex and lacks adequate 
security. 

“What I'd like to see is a tool that allows me to look at throughput in a particular I/O channel, [to] let me know if that I/O channel is saturated or what my average read rate times are and what my cache hit rates are,” he said. “Those tools would be good to have for fine-tuning some of my high-performing applications.”

Tony Asaro, an analyst at Enterprise Strategy Group Inc. in Milford, Mass., said the partnership with AppIQ should be a big boost for HP, whose storage operation continues to struggle. “I think the market expects more from them. They’re one of the few total solution providers, along with IBM, and they have lost revenue over the last year and have lost people,” Asaro said.

Bob Schultz, general manager of HP’s Network Storage Solutions division, said each of Storage Essentials’ modules is pretested to plug into the Systems Insight Manager platform, and because it’s built on standards such as J2EE, SMI-S and Web-Based Enterprise Management, it also supports third-party software.

“As we move forward, Systems Insight Manager really becomes an integration platform that we can plug into management cores like OpenView and ISV third-party tools,” Schultz said. @ 52818


MORE STORAGE COVERAGE

In This Issue: HP’s Bob Schultz explains his plans for the company’s storage unit. Page 17

Online: EMC is unveiling an upgrade to Centera that adds search engine technology: QuickLink 52826
www.computerworld.com


Planning System Isn’t Fully Delivering at UPS


Start-up problems slow package-flow technology rollout


BY LINDA ROSENCRANCE
United Parcel Service Inc. has acknowledged that its new package-flow system isn’t operating as smoothly as expected, with problems at about 100 of the 300 or so delivery centers where the homegrown technology has been installed.

UPS began rolling out the package-flow system in late 2003 as part of a $30 million project [QuickLink 41713]. The Atlanta-based company planned to deploy the system at all of its 1,000 U.S. delivery hubs by this year. But now full implementation won't be achieved until the end of 2007, UPS spokeswoman Donna Barrett said last week.

The system uses bar-coded shipping labels and geographic information systems software, which runs on the company’s back-end servers. According to UPS, the technology is helping delivery planners at some facilities develop more-efficient routes for drivers, saving the company millions of dollars.

“This year, we'll probably see $50 million to $100 million worth of cost-cutting as a result of improved productivity and reduced mileage and associated fuel costs,” Barrett said.

But Donald Broughton, a financial analyst at St. Louis-based A.G. Edwards & Sons Inc., said that level of savings is far less than what UPS projected two years ago. “At that time, they said that by 2007, they would save $700 million a year by more highly refining the way trucks were loaded and unloaded and the way routes were planned and executed,” he said. But the technology is increasing the time it takes some workers to load packages onto trucks, he noted.

Barrett said the issues with the package-flow system are ones faced by all companies on rollouts of new technology. “It fundamentally changes how certain employees do their jobs. And change is extremely challenging when you're trying to implement it on a broad scale,” she said.

At the delivery hubs that have encountered problems, UPS is retraining employees on using the system to give them a better understanding of how it changes their jobs and the benefits it offers.

“We’re going back to those centers [and] getting the processes that we put in place, as well as the new technology, to run as smoothly as we'd like,” Barrett said. @ 52825
Singapore Gears Up
Cybersecurity Efforts


The government of Singapore plans to spend 38 million Singapore dollars ($23 million U.S.) over the next three years to implement a master plan for protecting the nation from cyberattacks, Deputy Prime Minister Tony Tan announced last week.

The government intends to build a round-the-clock facility called the Cyber-Threat Monitoring Center by the second half of 2006, he said. The plan also includes the following elements:

■ Assessing the vulnerability of critical economic sectors.

■ Developing a reliable means of authenticating users for online transactions.

■ Creating training and certification programs for IT security professionals.

■ Improving public awareness of information security practices.

■ Measuring the effectiveness of government agencies’ business continuity plans.

Tan said that IT “has become the nerve center of our economy” and that cyberterrorism could disrupt critical operations such as systems used in marine navigation, stock trading or telecommunications. He indicated that the government is alarmed by a rash of computer viruses and phishing scams, plus news reports that North Korea has “an army of cyberwarriors.”


U.K. Clothing Retailer 
Plans RFID Expansion 


LONDON

London-based retailer Marks & Spencer Group PLC plans to broaden its trial of radio frequency identification (RFID) technology, expanding the test of a clothing inventory system from nine stores to 53 in the second quarter of next year.

“The feedback so far from our staff has been very positive in that the RFID tags have clearly improved our stock-taking process,” Marks & Spencer spokeswoman Olivia Ross said last week. “What takes up to eight hours a week to do manually can be done with RFID tags in about an hour.”

She added that employees simply wave scanners over racks of clothes equipped with the tags.

The current trial involves inventories of men’s suits, but women’s undergarments will be added next year, Ross said. “We are looking to test RFID with size-complex items, and for bras alone, there could be over 40 sizes,” she explained.
■ LAURA ROHDE, IDG NEWS SERVICE


Deutsche Post, Adobe
To Offer Stamps Online


DUSSELDORF, GERMANY

Bonn-based postal company Deutsche Post AG and Adobe Systems Inc. this month jointly announced a Web-based service that lets users buy postage stamps online and receive them in the form of PDF documents. Buyers can print out the stamps using Adobe Reader Versions 6.02 and 7.0 and affix the postage to letters or parcels.

The Stampit Web service will initially be made available as part of a pilot program for eBay Inc. merchants in Germany and is scheduled to be rolled out to the general public within a few months, the companies said.

Deutsche Post is working with Adobe’s German unit, Adobe Systems GmbH, which is based in Unterschleissheim. @ 52791
■ JOHN BLAU, IDG NEWS SERVICE
Briefly Noted


The U.K.’s Foreign and Commonwealth Office - similar to the U.S. Department of State - this month awarded Hewlett-Packard Co. a seven-year, £180 million ($343 million) contract to upgrade the agency’s secure network of desktop systems at more than 200 locations in the U.K. and abroad.
■ SCARLET PRUITT, IDG NEWS SERVICE


Jeff Smith, CIO at Telstra Corp. in Melbourne, Australia, since 2002, is leaving his post at the country’s biggest telecommunications carrier on March 31, according to an internal e-mail from Ted Pretty, Telstra's general managing director. In the e-mail, Pretty praised Smith's accomplishments but also signaled that a shake-up of Telstra’s IT operations is imminent.
■ JULIAN BAJKOWSKI, COMPUTERWORLD TODAY (AUSTRALIA)


The European Medicines Agency, a London-based regulatory organization, this month awarded MicroStrategy Inc. in McLean, Va., a $3 million contract to provide business intelligence software and services for analyzing drug safety.

Feds Could Face More IT Security Mandates


Legislator says some agencies have ‘a long way to go’ on protecting systems


BY JAIKUMAR VIJAYAN

On Feb. 16, U.S. Rep. Tom Davis (R-Va.), chairman of the Government Reform Committee, released a report card giving federal agencies an overall D+ grade on computer security for 2004 [QuickLink 52707]. In an interview last week, Davis spoke about the government’s IT security performance and warned that more mandates are on the way if agencies with low grades don’t fix their problems soon.


What were your conclusions on the overall security performance of federal agencies?
I think it’s improving, but it’s not improving fast enough at this point. The overall agency scores rose by 2.5 points, but they still scored a D+. We just need to continue to give this focus, and hopefully we won’t have some kind of cyberattack or cyber Pearl Harbor. We have to be inspired by that to try and stay ahead of the curve.

Why are some agencies faring so well while others appear to be struggling?
Leadership. It basically goes to the CIO and the agency heads and their ability to coordinate on this. They need to get a plan, and they need to execute on it. Some agencies have put the resources into it, and others — they haven't. Some have still a long way to go.

What's the incentive to improve when there are no funding cutbacks or other repercussions for bad grades?
I don’t know if you want to punish people by withholding funding. That makes it even tougher for them to meet their goals. But I think there may be an embarrassment factor. If you want to have career advancement and you come off an agency that has got a bad [security] grade, it probably isn’t going to help you move to the next level. Eventually, I think there will be a funding attachment. These scorecards are fairly new, and we are trying to get an appropriations buy-in.

Many of the recommended security controls for federal agencies will become mandated by the end of this year. What impact will that have on the report cards next year?
Mandates are better than suggestions, unfortunately. You hate to get to the point where you have to mandate things that need to get done. But I think that is the way Congress will react — with more mandates on agencies that will put more burden on them. We would rather have [agencies] solve the issues themselves. But if they can’t do that, I think they'll get a lot more mandates.

You identified several areas where federal agencies need to improve, including annual reviews of IT contractors, testing of contingency plans and incident reporting. What’s the problem?
They don’t have the finances for it. The basic problem is that we’re asking them to do this in some cases without giving them a lot of new money. They’re kind of waiting for additional money to come through.

How will the CISO Exchange that you're setting up for chief information security officers help improve things?
Hopefully, we'll get people from agencies that have [improved security] going into agencies that haven't done it and showing them how to do it. You get some [cross-]pollination that way. @ 52822
Software Ownership Battle
Adds $10M to Cost of ‘Big Dig’


BY MARC L. SONGINI
Failure to secure access to the source code of a key application added more than $10 million to the cost of the infamous “Big Dig” highway construction project in Boston, according to the Massachusetts state auditor.

The application, called the Integrated Project Control System (IPCS), handles traffic, roadway, fire and security systems management for the $14 billion Central Artery/Third Harbor Tunnel Project. Software development for the IPCS project remains unfinished.

The initial application was created by Transdyn Inc., which was awarded the contract for the first phase of the project. The problem occurred when Transdyn refused to hand over access codes for the application to Honeywell Technology Solutions Inc., which won a contract to develop the next phase.

Massachusetts State Auditor Joe DeNucci this month said the failure of project managers to secure “timely ownership” of the IPCS software boosted the cost of the project. The matter wound up in court and cost the state millions in overruns and other costs, he said.

“The significance of this audit is that it’s a good example of the kinds of things that went wrong in the project,” said a spokesman for DeNucci. It indicates a failure to foresee that “a dispute over the access to the software code [could lead to a] problem that would delay the second phase,” he said.


Groundwork for Lawsuits
The initial phase of the IPCS project started in 1994, when Pleasanton, Calif.-based transportation software maker Transdyn won a $52 million contract to develop the application for the first phase of the Big Dig, according to the audit report. The system was based on Transdyn’s Dynac transportation management software. In 1999, Honeywell won a $104 million contract to build the next phase of the system to control and monitor the entire Big Dig project.

At that point, Transdyn refused to turn over the Dynac source code to Honeywell, claiming that the technology was “proprietary and forms the cornerstone of a portion of its business.” The state argued that Dynac had been modified as part of the project and had thus become a customized piece of software not subject to the legal safeguards for off-the-shelf applications.

Massachusetts paid Transdyn $350,000 in a 1999 out-of-court settlement of lawsuits that each had filed against the other. Under the deal, Honeywell sublicensed the software from the state “under certain safeguards,” the report stated.

The auditor based the $10 million price tag for the problem on the state’s decision to waive $2.72 million in damages it believed it was owed by Transdyn and an estimated $7.2 million cost for the four-month delay in the project caused by the interruption of the software hand-over — bringing the total cost overrun to $10.3 million.

PROJECT MANAGERS’ failure to secure ownership of software code added $10 million to the cost of Boston’s Big Dig construction project, pictured here in February 2000.

Meanwhile, Honeywell in December negotiated an end to its contract for the project, whose price tag has ballooned from $104 million to $188 million since 1999. Vic Miller, vice president and general counsel at Columbia, Md.-based Honeywell, said the audit bolsters his company’s position that the late delivery of the Dynac software was among the factors that affected its ability to deliver its portion of IPCS for the agreed-upon price.

Currently, Transdyn is negotiating with Big Dig authorities to complete the IPCS system, said a Transdyn spokesman. He said the company “is not in a position to comment” on the auditor’s report.

The Massachusetts Turnpike Authority, which manages the Big Dig, declined to comment on the specifics of the audit. In an e-mail statement the authority said, “We have been very candid about the issues we have encountered with the installation of the IPCS system and have already referred those issues over [to the state attorney general] for potential cost recovery actions.” © 52820





Continued from page 1 
Hackers 


— a term coined to describe
attacks involving the use of 
search engines — is becom- 
ing a potent threat to IT secu- 
rity, said George Kurtz, senior 
vice president of risk manage- 
ment at security software 
vendor McAfee Inc. in Santa 
Clara, Calif. 

“It’s all about coming up 
with the right search criteria,” 
Kurtz said. “By crafting certain 
requests, you can pull back a 
lot of very specific informa- 
tion.” For instance, searches 
can reveal the existence of 
misconfigured servers, as well 
as password files and vulnera- 
ble software, he said. 

Search engines such as 
Google “provide an extremely 
effective way” to gather infor- 
mation that can be used to at- 
tack Web sites, concurred Gra- 
ham Cluley, a senior technol- 
ogy consultant at Sophos PLC, 
another security vendor. 





Hackers have always relied 
on shortcuts and tools to do 
their dirty work, said Hugh 
McArthur, director of infor- 
mation systems security at 
Online Resources Corp., a 
Chantilly, Va.-based online bill 
processor. “This is just one 
more approach,” he said, 
adding that his company is us- 
ing search engines and other 
tools to look for any compro- 
mising information that can be 
gleaned from its Web site. 

Robert Olson, a systems ad- 
ministrator at Uline Inc. in 
Waukegan, Ill., said the dis- 
tributor of packing and ship- 
ping materials is doing regular 
audits in order to keep “a tight 
rein” on the information avail- 
able via its Web site. 

“We are, of course, con- 
cerned,” Olson said. “Worms 
that use tools like Google, Ya- 
hoo, MSN Search or AltaVista 
to seek out vulnerable systems 
or e-mail addresses make for a 
much more efficient attack.” 

The advanced functions supported by search engines make it relatively easy for even novice hackers to scope out Web sites and gather vulnerability data, according to Kurtz. Google lets users limit searches to specific Web sites and domains, to specific files on Web sites and even to specific pieces of text within files.

There is also a growing volume of information on the Web about search strings that can be used to unearth sensitive information from the unwary. One site has compiled a database of more than 800 different Google hacks that can be used to pull data from Web sites, Web cameras and even Internet-connected printers.

“The ability of search engines to discover a lot of information that was not necessarily hidden but was a lot less available previously is scary.”
MATT KESNER, CHIEF TECHNOLOGY OFFICER, FENWICK & WEST LLP

Such information can actually be useful to IT managers in figuring out where their security vulnerabilities are, said Jarrad Winter, network security manager at Western United Insurance Co. in Irvine, Calif. “It can be really handy for penetration testing,” he said.

Apart from keeping sensitive data off the Web, there are other steps companies can take to ensure that they aren’t compromised by searches, Kurtz said. That includes using so-called robots.txt files to block search-engine crawlers from indexing sensitive portions of Web sites. In addition, disabling directory listings can keep crawlers out if they slip by a robots.txt file. Using passwords to protect IT-related information on sites is also a good idea, Kurtz said. @ 52823
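
A self-audit of the three controls Kurtz lists (robots.txt coverage, directory listings and password protection), as an added example that is not part of the original article. The robots.txt, site paths, responses and the `audit` helper are constructed for illustration; a real audit would fetch them from your own site.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/
"""

# Constructed snapshot of the site: path -> (HTTP status, response body).
SNAPSHOT = {
    "/admin/": (401, "Authorization required"),
    "/backup/": (200, "<html><title>Index of /backup</title></html>"),
    "/it-docs/network.html": (200, "<html><title>Network layout</title></html>"),
    "/logs/": (200, "<html><title>Index of /logs</title></html>"),
    "/products/": (200, "<html><title>Products</title></html>"),
}

# Paths the site owner considers sensitive (assumption for this example).
SENSITIVE_PREFIXES = ("/admin/", "/backup/", "/it-docs/", "/logs/")

# Markers that common web servers put on auto-generated directory listings.
LISTING_MARKERS = re.compile(r"<title>\s*Index of /|\[To Parent Directory\]", re.I)


def audit(robots_txt, snapshot, sensitive=SENSITIVE_PREFIXES, agent="*"):
    """Return {path: [issues]} for pages that search engines could expose.

    indexable          sensitive, not password-protected, and not disallowed
                       in robots.txt, so a well-behaved crawler may index it
    robots-only        sensitive and disallowed, but served without a
                       password; robots.txt is advisory and publicly readable
    directory-listing  the server returns an auto-generated file listing
    """
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())

    findings = {}
    for path, (status, body) in sorted(snapshot.items()):
        issues = []
        protected = status in (401, 403)
        if path.startswith(sensitive) and not protected:
            if rules.can_fetch(agent, path):
                issues.append("indexable")
            else:
                issues.append("robots-only")
        if status == 200 and LISTING_MARKERS.search(body):
            issues.append("directory-listing")
        if issues:
            findings[path] = issues
    return findings


if __name__ == "__main__":
    for path, issues in audit(ROBOTS_TXT, SNAPSHOT).items():
        print(f"{path}: {', '.join(issues)}")
```

Only `/admin/`, which answers with a password prompt, comes back clean; the disallowed `/backup/` is still reported because anyone who requests it directly gets the listing.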
HP Exec Explains Plan
For Storage Operation


Vendor is adding expertise, channels to take on IBM, EMC


BY LUCAS MEARIAN

Although Hewlett-Packard Co.'s storage revenue has been on the upswing since last year’s third quarter, it remains down from a year ago. HP’s first-quarter results showed a slight year-over-year decline in storage revenue, but a smaller one than in previous periods. Bob Schultz, HP’s general manager of storage solutions, spoke with Computerworld about HP’s plan for improving its competitive position in the storage market. One thing Schultz wouldn't talk about is whether the departure of former HP CEO Carly Fiorina will affect his plans.


How are you responding to increased pressure from IBM at the high end, Dell at the low end and EMC at both ends?
In Q3 [2004], we were down 15% [year-over-year in storage revenue]. In Q4, we were down 10%. In Q1 [2005], we were down 1%. That gives you the trajectory, which is up and to the right. On all those fronts, the challenge was around field execution. We’ve been hiring storage specialists, because as you look at the high end, that’s certainly where you need someone that’s steeped in knowledge. We’ve been partnering with channel partners. That process is going on, and that'll give us more coverage.

You recently signed a deal with AppIQ to resell its StorageAuthority product as a way to combine server and storage management on one screen. Vendors like Hitachi and IBM have signed similar deals. What sets HP apart?
We're the first ones really unifying servers and storage. When I look at what Hitachi has done in the past, it’s been all around storage. What I believe IBM is doing is all around its TotalStorage management center. What we’re doing is saying, as you look out into the future, where we virtualize the infrastructure, you really want to be managing the servers and storage in a consistent way.

Users have given your midrange Enterprise Virtual Array high marks, but that’s at the homogeneous level, not the heterogeneous level. How will HP support competitors’ systems?
We're missing mainframe support on the EVA, but that’s not the targeted market for EVA.

That's on the server side, but what about the host side? What if I have EVA on the back end and I want to have EMC’s Centera or Hitachi’s Thunder array on the same network?
The benefit of working on the open management platform is that we'll manage heterogeneous environments. That's one of the values of working with AppIQ. They bring relationships with Hitachi and others.

IBM said it is already doing that and extended the integration recently to its BladeCenter server systems, where you have the servers, network and storage all in one place. What sets you apart?
“All in one place” is different from integrated. A lot of people ... say, “Let’s have this single pane of glass,” which means, “Let’s have 27 windows running on a single monitor.” A lot of companies say [they] have tools in each space, but what they really haven't done is say, “We're going to have a systems management tool that highly integrates how I manage my storage and my compute environment.” @ 52790


ChoicePoint Error Prompts Calls for Identity Theft Law

Privacy groups, senator demand hearings

BY GRANT GROSS

A variety of privacy groups and U.S. Sen. Dianne Feinstein (D-Calif.) are renewing calls for a national privacy law in the wake of news that data collector ChoicePoint Inc. mistakenly gave private information on up to 145,000 U.S. residents to identity thieves.

Alpharetta, Ga.-based ChoicePoint this month reached an agreement with 19 state attorneys general to tell potential victims that thieves may have gained access to personal information such as Social Security numbers and credit reports [QuickLink 52719].

Potential victims live in all 50 states, the District of Columbia, Puerto Rico, Guam and the U.S. Virgin Islands.

The ChoicePoint problem points to the need for a national privacy law, said the Electronic Privacy Information Center (EPIC) and the Center for Democracy and Technology (CDT).

For most U.S. companies, only a 2003 California law requires identity theft notification.

“There certainly is agreement that we need better notification, exactly because of cases like this,” said Ari Schwartz, associate director at the CDT.

Feinstein has also called for congressional hearings on privacy legislation she introduced this year. Feinstein’s Notification of Risk to Personal Data Act would require businesses and government agencies to notify likely victims when there is a “reasonable basis to conclude” that a criminal has obtained unencrypted personal data.

Legislative Prospects

Feinstein’s bill lacks co-sponsors, and a similar bill of hers went nowhere in Congress in 2004. “Moving any bill is always a difficult prospect, but now more people are coming to an understanding of the issue of identity theft,” a Feinstein spokesman said.

Schwartz and Marc Rotenberg, EPIC’s president, questioned whether ChoicePoint would have notified potential victims at all without the California identity theft law. “They’ve been reckless with people’s information,” Rotenberg said of ChoicePoint.

David Bernknopf, a ChoicePoint spokesman, disagreed. The company first notified the sheriff’s office in Los Angeles County in October of the possible data leak because it believed the leak started there, he said. It’s still not clear how the thieves got access to ChoicePoint’s data, Bernknopf said. Authorities believe a group of people used IDs stolen from legitimate businesspeople to set up phony businesses that contracted with ChoicePoint for identity checks, he said. @ 52787

Gross writes for the IDG News Service.


Phony FBI E-mail Launches Virus

BY TODD R. WEISS

A fake e-mail that purports to be from the FBI is circulating on the Internet with a computer virus as its payload.

The FBI last week warned that the unsolicited e-mail tells users that “their Internet use has been monitored by the FBI’s Internet Fraud Complaint Center and that they have accessed illegal Web sites.”

The bogus message then asks recipients to click on an attachment and answer some questions about their alleged illegal Internet use. But rather than being a questionnaire, the attachment infects the recipient’s computer with an as yet undetermined virus.

Paul Bresson, an FBI spokesman, said last week that the agency discovered the phony e-mail over the previous weekend after several recipients notified the FBI. He said he didn’t know exactly how many complaints were received.

The e-mail message has multiple misspellings and is written in broken English, Bresson said. “The wording is very poor, which helps us,” he said. “We’re hoping that that flags people.”

Bresson said he didn’t know whether any victims of the scam have provided their credit card numbers or other information.

Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa., said fake e-mail messages will continue to be a problem until tighter standards for sending e-mails are adopted by senders and recipients. @ 52788


DON TENNANT

Rights and Wrong

HAVE YOU SEEN that IBM commercial with the little Chinese girl? It’s one of those IBM help desk ads, and the girl says she needs help because she wants to learn about so many things, but she lives on a farm in China and can’t go to school. The problem is solved when she’s able to attend a virtual class made possible by technology.

I first saw the commercial around the time I was receiving a lot of mail from irate readers who vehemently disagreed with the position I took three weeks ago in my column titled “The Three Stooges.” In that column, I argued that the three U.S. congressmen who raised a national security alarm in response to IBM’s plan to sell its PC business to China’s Lenovo Group were engaged in legislative buffoonery [QuickLink 52310].

The reaction from some readers was intense. “You are just another silver-haired corporate lackey, toeing the corporate line,” one wrote. “Companies like IBM and Microsoft, and corporate stooges like yourself who front for them, are little more than traitors.” Citing the threat of war with China, this reader suggested that I consult with my son, who is in the Navy, before I write my “next piece of knuckle-headed, traitorous trash.”

“You put personal gain over patriotism,” another reader echoed. “You deserve a traitor[’s] fate. I would love to watch that.”

It occurred to me as I watched the little girl in the IBM commercial that a lot of these readers are probably irate about IBM supplying technology to educate Chinese children. After all, educated children grow up to be skilled adults who might very well be compelled to join China’s military forces. I have no doubt that many Americans contend that our national security would be better protected by withholding the means for Chinese children to be educated. I disagree.

For the record, I’m not naive. I wasn’t all that far from Beijing during the Tiananmen Square massacre on June 4, 1989. There are a lot of things in China that need to change. But how can they be changed? And should we help change them?

Of course we should. That’s because a little girl on a farm in China has just as much right to an education as a little girl on a farm in Iowa. And it’s just as important for a Beijing University student watching a tank rumbling toward him to have free speech as it is for a Harvard student protesting the low pay of janitorial workers. The only way those changes will come is for the West to continue to engage China commercially, culturally and politically. Anyone who has been to China in the past decade has witnessed remarkable positive change as a direct result of that engagement.

And for what it’s worth, when the time does come that the people of China have free speech, you can bet they’ll exercise it.

That’s what Ron Baker of Oregon City, Ore., did. “I had to gargle with Listerine after reading your tripe,” he wrote in response to my column. “It’s [expletive deleted] like you that make me hate this industry [to which] I have dedicated a thirty-year career.” Baker gave me permission to use his name, and I admire that.

Unfortunately, other readers who were outraged by my position wouldn’t allow their opinions to be published with their names. That’s a tragic waste of a precious right that too many people live without. And wasting that right is just plain wrong. @ 52776

You can contact him at
computerworld.com.

DAVID MOSCHELLA


FCC: Mission 
Accomplished 


“It is the mission of the Federal Commu- 
nications Commission to ensure that the 
American people have available — at 
reasonable costs and without discrimi- 
nation — rapid, efficient, nation- and 
world-wide communications services; 
whether by radio, television, wire, satel- 
lite, or cable.” 

- Congress’ original charge to the FCC, 1934 
WILL WE ever see the
day when a large
government agency
proclaims “mission accom- 
plished” and starts winding 
itself down, not because of failure but 
because of success? Don’t bet on it. But 
that’s the question that comes to mind 
as we watch SBC Communications 
swallow up AT&T, Verizon and Qwest 
go after MCI, and Sprint take over 
Nextel. While the 
usual assortment of 
advocacy groups will 
fret about excessive 
corporate size and 
power, when you 
look at today’s 
telecommunications 
marketplace, it’s 
pretty clear that vir- 
tually all of the 
FCC’s goals have 
been achieved. 

It was less than 
25 years ago that a 
heavily regulated 
AT&T dominated 
America’s telecom- 
munications industry. The U.S. judicia- 
ry wisely deemed this an undesirable 
structure, given the diversity and po- 
tential of emerging voice and data 
technologies. The 1982 antitrust settle- 
ment that led to the breakup of AT&T 
triggered an explosion in innovation 
and usage beyond what even the most 
zealous enthusiasts ever predicted. 

It’s worth remembering that in the 
early 1980s, the idea of breaking up 
AT&T was highly controversial, and 
the best means of doing it was by no 
means obvious, even to those who sup- 
ported it. However, the decision to 
separate AT&T’s local, long-distance 
and equipment businesses has proved 
sound. The latter two industries quick- 
ly became fiercely competitive; only 
the local operating companies held 
near-monopoly positions. 


global research director 
at CSC Research and 
Over the past two decades, those lo-
cal monopolies have also been steadily 
eroded, and thanks to the Telecommu- 
nications Act of 1996 and other poli- 
cies, the largely artificial boundaries 
between local and long-distance ser- 
vices have blurred. The emergence of 
DSL, cable, and wireless voice and data 
services, as well as Internet-based of- 
ferings, is producing a highly competi- 
tive marketplace where the eventual 
winners are by no means clear. Which 
one of those horses would you bet on? 

Of course, all is not perfect. Cable 
TV and local telephone services are 
still too expensive in some areas, and 
it would indeed be worrisome if a re- 
gion’s wired and wireless services were 
owned by a single company. There is 
also the risk that excessive access 
charges between various networks 
could become a real barrier to open 
competition. But these issues can be 
managed by state regulators, antitrust 
overseers and the marketplace. They 
no longer require a specialized agency 
focused on national telecom policy. 

The idea of scaling back the FCC is 
not so much a cost-saving proposition. 
By government standards, the FCC’s
$290 million budget and 2,000 employ-
ees are rounding errors. And even with
its primary mandate largely fulfilled,
there are still areas — especially spec-
trum allocation and international satel-
lite coordination — where the commis-
sion’s work remains important.

But the era when the telecom indus- 
try was viewed as a highly unusual, 
even unique sector that required its 
own regulatory body has pretty much 
come to an end. Consider this a sign of 
technological progress and market ma- 
turity. If nothing else, treating the tele- 
com business more like other major in- 
dustries could thin the legions of highly 
paid lobbyists in the halls of Congress. 
When there are very few rules to write, 
there’s not much for even the cleverest 


of lobbyists to do. @ 52720 


JERROLD M. GROCHOW

Firewalls’ False Sense Of Security

THE Internet front door to almost every bank and financial services company in the world is guarded by two sets of firewalls defining a DMZ. Nearly every e-commerce site sits in a similar DMZ in what has become the de facto standard in Web security architecture. According to Sun Microsystems, “In today’s tumultuous times, having a sound firewall DMZ environment is your first line of defense against external threats.” But I would argue that guarding the perimeter is lulling organizations into a false sense of security that results in ignoring the implementation of other security mechanisms in their applications and databases.

In contrast, the Internet front door to MIT doesn’t have a DMZ and pretty much doesn’t even have a firewall. Universities begin with an assumption that everything is open, but these large organizations are arguably no more vulnerable to external threats than banks and financial institutions, and perhaps less vulnerable to internal threats.

A key reason for reduced vulnerability is the approach many universities take to creating authorization and application-level security in the absence of a secure perimeter. For more than a decade, universities have been implementing homegrown systems and working with vendors to ensure that their products don’t make assumptions about working behind a firewall. We look for systems to incorporate application-level security based on verifiable user identities — an approach that continues to gain ground as organizations realize that firewalls alone don’t provide the level of security they need in today’s world.

In your own organization, do you pass around unencrypted passwords and data inside the firewall because you know you’re behind the firewall? Are your application servers available to any request from anywhere (because they are behind the firewall) or only to those Web servers that need the applications they implement? Is everyone with access to applications allowed full access, or is each person’s role (customer, authorizer, accounts payable clerk) part of the authorization protocol to applications? These are some of the issues we must face once we realize that firewalls don’t really provide full application security. After all, once the firewall is breached, the outsider is inside, so we can’t treat all insiders alike.

As a result, there is a growing interest in standardizing approaches to secure authorization and application access. Many security architectures at universities (and some corporations) are based on the Kerberos protocol and software (http://web.mit.edu/kerberos), first developed at MIT in the 1980s and still going strong. In fact, Kerberos is in the background of operating systems from Apple, Sun and Microsoft, but it’s not yet fully implemented in many commercial applications. In addition to Kerberos, the Shibboleth Project, sponsored by Internet 2 (http://shibboleth.internet2.edu), is developing software to attack the problem of cross-organizational authentication. The Liberty Alliance is working on standards for cross-organizational authorization in Web services environments (www.projectliberty.org). And Kerberos can already complement or enhance the deployment of Shibboleth or Liberty standards as it evolves in both intra- and interorganizational infrastructures.

The problem of securing the myriad applications and databases within large organizations isn’t going to be solved by developing increasingly secure firewall technology. Firewalls can go only so far — at some point, you’ll have to develop a secure identity structure that’s incorporated into each and every application. And projects such as Kerberos, Shibboleth and Liberty will lead the way. @ 52620

vice president for information services and technology at MIT and has been a consultant to the Treasury Department’s Office of Critical Infrastructure Protection. He was previously CTO at American Management Systems and FOLIOfn. He can be
jgrochow@mit.edu.
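
The questions Grochow's column puts to readers (are passwords passed around inside the firewall, will an application server answer any caller on the inside, is a person's role part of the authorization decision) can be turned into checks the application makes for itself. The sketch below is an added example, not code from the column or from Kerberos, Shibboleth or Liberty; the ticket format, role table, key and user names are constructed assumptions, with an HMAC-signed ticket standing in for a Kerberos-style service ticket.

```python
"""Application-level authorization that does not trust network location.

Constructed sketch: an identity service issues short-lived, HMAC-signed
tickets naming the user, the user's role and the one service the ticket is
valid for. No password crosses the internal network. This is a simplified
stand-in for a Kerberos-style service ticket, not Kerberos itself.
All names, keys and roles below are hypothetical.
"""
import base64
import hashlib
import hmac
import json

# Key shared by the identity service and ONE application (constructed value).
PAYMENTS_KEY = b"constructed-demo-key-for-payments-app"

# Role -> actions that role may perform in the payments application.
ROLE_PERMISSIONS = {
    "customer": {"view_invoice"},
    "accounts_payable_clerk": {"view_invoice", "create_payment"},
    "authorizer": {"view_invoice", "approve_payment"},
}


def issue_ticket(key, user, role, service, now, lifetime=300):
    """Identity-service side: sign the claims so the application can verify them."""
    claims = {"user": user, "role": role, "service": service, "exp": now + lifetime}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def authorize(ticket, action, service, key, now, source_ip=None):
    """Application side. Returns (allowed, reason).

    source_ip is accepted only to show that it plays no part in the decision:
    a caller behind the firewall gets nothing without a valid ticket.
    """
    if not ticket or b"." not in ticket:
        return False, "no verifiable identity presented"
    body, tag = ticket.rsplit(b".", 1)
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return False, "ticket signature invalid"
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return False, "ticket malformed"
    if not isinstance(claims, dict):
        return False, "ticket malformed"
    if claims.get("exp", 0) <= now:
        return False, "ticket expired"
    if claims.get("service") != service:
        return False, "ticket was issued for a different service"
    if action not in ROLE_PERMISSIONS.get(claims.get("role"), set()):
        return False, "role %r may not %s" % (claims.get("role"), action)
    return True, "ok"


def demo():
    """Run constructed requests through the check and return the decisions."""
    now = 1_000_000  # fixed clock value so the example is deterministic
    clerk = issue_ticket(PAYMENTS_KEY, "pat", "accounts_payable_clerk", "payments", now)
    approver = issue_ticket(PAYMENTS_KEY, "lee", "authorizer", "payments", now)
    forged = issue_ticket(b"not-the-real-key", "mal", "authorizer", "payments", now)
    requests = [
        ("internal host, no ticket", None, "approve_payment", now),
        ("clerk creates payment", clerk, "create_payment", now),
        ("clerk approves payment", clerk, "approve_payment", now),
        ("authorizer approves payment", approver, "approve_payment", now),
        ("ticket signed with wrong key", forged, "approve_payment", now),
        ("clerk ticket after expiry", clerk, "view_invoice", now + 301),
    ]
    return [
        (label, authorize(t, action, "payments", PAYMENTS_KEY, when, source_ip="10.0.0.7"))
        for label, t, action, when in requests
    ]


if __name__ == "__main__":
    for label, (allowed, reason) in demo():
        print("%-30s %-5s %s" % (label, "ALLOW" if allowed else "DENY", reason))
```
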





Jumping the Gun Hurts Vendors

I THINK the free-speech defense that Dan Gillmor cites in his column “Apple Suit Is Wrong Kind of Different” [QuickLink 52283] is misplaced. Truly, free speech is paramount to a democratic society and should be defended. Specifically, journalists play an important role in guarding that right.

However, publishing product information before official announcements are made can hardly be classified as journalism. It provides no benefit to the consumer and serves only to harm the creator, in this case Apple. Apple, more than any computer and electronics manufacturer, relies on creative design and market timing to stay in business. Being innovative is what has developed the company’s brand and created a loyal fan base. Having the details of upcoming products made known prior to announcement does nothing but allow competitors to get a head start.

Journalism is a service to the people, to educate, protect and inform. Believe me, I enjoy finding out about a new product or other piece of news before my friends or colleagues as much as anyone, but this is not journalism, and Apple has every right to defend itself.

Aaron Spencer
Senior network engineer,
Somers, N.Y.


HP Should Be Quiet

BE CAREFUL, Mr. Tennant, you might be showing your lack of knowledge concerning corporate financial reporting requirements [“Disquiet. Period.” QuickLink 52181]. I suggest you research the problem Google had when certain comments were made prior to its initial stock offer. In matters with the SEC, caution is always the order of the day.

Dannis L. Robinson
IT manager,
Beaumont, Texas


Revealing Secret

I AGREE with Bruce Schneier [“The Curse of the Secret Question,” QuickLink 52479] that the answers to Web sites’ secret questions are too easy to find by hackers.

Worse yet, if my account is broken into, the hacker can often review the secret question and its answer, thus acquiring extra info about me, such as my mother’s maiden name, Social Security number or birthday, which can be used to access my financial accounts. Although biometrics is better, the secret question can be made more secure by allowing the user to create his own question, as many sites do now. This lets me devise a question that only my closest and most trusted family members would know.

Gerry Champoux
Walled Lake, Mich.







Endgame for Tru64

Tru64 users have no choice but to plot a road map away from Hewlett-Packard’s Unix system. Some will move to HP-UX, but others may have to explore other options. Page 32


SECURITY MANAGER’S JOURNAL
Assessing a New App Infrastructure

Mathias Thurman must assess his company’s architecture, systems and applications before going live with an Oracle 11i deployment. Page 33


FUTURE WATCH
Computation Comes to Life

Researchers such as MIT’s Thomas Knight (left) are taking the marriage of computer science and biology to a new level, turning cells into living computers with programmable DNA and biochemical memories. Page 28


Macs are still going 
strong in the graph- 
ics and digital media 
markets. And now 
Xserve may help 
Apple make inroads 
in the data center as 
well. BY MARK HALL 



IN BUSINESS TO 


LAST MONTH, Brandchannel.com dubbed
Apple Computer Inc. the “brand with 
the most global impact.” But you’d 
never know it by looking at corporate 
desktops today. 
Windows machines are the undisputed personal 
computers of choice for corporate IT, the biggest 
single market for PCs. Research conducted by 
Framingham, Mass.-based IDC underscores the
fact. IDC ranked the maker of Macintosh ma- 
chines No. 10 on its market-share list in 2004, two 
spots behind the Chinese company Lenovo Group 
Ltd. — and the list was prepared before Lenovo’s 
planned acquisition of IBM’s PC unit. 
Yet despite significant efforts by Windows sup- 
pliers, Apple still remains a dominant player in 
vertical market segments such as publishing and
digital media. And with the growing popularity of
its low-cost Xserve Unix servers, Apple has an op-
portunity to compete head-to-head with industry


leaders like Dell Inc. inside the 
data center for general-purpose 
applications such as e-mail and 
Web serving. 


Where’s Mac? 


Not surprisingly, according to re- 
search from New York-based Trend- 
Watch, 83% of graphic designers, 77% of 
corporate design departments and 65% 
of advertising agencies rely on Macintosh 
computers. And publishers also continue to 
depend on Apple’s machines. 
Kim Vichitrananda, a desktop support engi- 
neer for 800 PCs and 250 Macs at The Dallas 
Morning News, acknowledges that Windows has 
comparable applications for the publishing mar- 
ket. But, she says, “those applications don’t run 
as robustly on Windows. They’re not as fast or 
as seamless as on the Mac. We could not replace 
Macs for PCs.” 

At The Home Depot Inc., senior engineer Bruce 
Covey evaluated only Mac options when he up- 
graded his video production equipment at the com- 
pany’s corporate headquarters in Atlanta. “We nev- 
er considered the PC option, because it can’t do 
what the Mac does in video production,” he says.

Home Depot’s video group standardized on 
dual-processor Mac G5 desktop machines with 
2GB of RAM accessing 4TB of storage on Xserve 
RAID storage. Covey uses Apple’s Final Cut Pro 
as his editing application. 
His team also depends on outside freelance talent to produce nearly 300 10-to-45-minute videos every year on everything from CEO commentaries shot in the corporate studio to forklift-safety programs filmed in warehouses. Covey says the “lion’s share” of freelance video talent “depend on Macs,” so he does, too.


Mac Is Unix 

Apple’s embrace of Unix in its Mac OS 
X operating system gave the company 
a big boost among scientists who need 
hefty processing capabilities. Bill Van 
Etten, who does genetic research at the 
University of Pittsburgh, attributes the 
Mac’s star power among scientists to
the computer’s ease of use, a broad set
of scientific applications available for 
the Mac and, most important, its Unix- 
based operating system. 

“As a life-science researcher, I sim- 
ply have no use for an operating sys- 
tem that isn’t Unix,” says Van Etten. 

In fact, OS X isn’t just Unix but, with 
the exception of its user-interface and 
management tools code, it’s open- 
source Unix. (The source code is locat- 
ed at www.opendarwin.org.) Apple 
integrates and specifically tunes its 
hardware for an additional 80 open- 
source projects, such as Apache, 
MySQL and JBoss for the Mac. 

The Unix application software avail- 
able for Macs is another benefit touted 
by users. “There are a ton of Unix apps 
designed for research,” says Ben Hanes, 
senior systems analyst at Children’s 
Hospital of Oakland Research Institute 
(CHORI), which is one of the top 10
recipients of research grants from 
the National Institutes of Health. 

Van Etten acknowledges that “it is 
technically possible to get something 
for a Unix environment to run on Win- 
dows. [And] these applications might 
work sometimes, but it’s slow, awk- 
ward and problematic.” 

At the Broad Institute for bioscience 
research in Cambridge, Mass., Stan 
Diamond, team leader for desktop sup- 
port, says 95% of the servers in the in- 
stitute’s data center are Unix-based. 
About 20% of those are Macs. 

It’s doubtful that Oracle Corp. would 
have decided to port its Oracle 10g 
database to the Mac if the platform 
didn’t have a Unix core. “We see value
in OS X,” says Sanjay Sadhu, director 
of worldwide alliances and channels 
at the database giant. “It’s a great new 
enhancement.” He adds that Oracle 
hopes to exploit Apple’s strong posi- 
tion in the sciences and in creative 
and education markets. 

In fact, Oracle has installed Xserves in its data center to run its Oracle Collaboration Suite for e-mail, voice mail and calendaring for 4,000 employees.

And Oracle is probably saving money doing so. Apple’s dirt-cheap dual-processor Xserve competes favorably against Dell’s PowerEdge 1850. The latter, loaded with dual 2.8-GHz Intel Xeon processors and 2GB of memory with 600GB of SCSI-based storage and a 25-user Windows license, rang up at $12,717 last month on Dell’s Web site. An Xserve with two 2.3-GHz PowerPC G5 processors, 2GB of RAM, 580GB of ATA storage and unlimited OS X clients is a pittance in comparison, at $6,299.

Even running Linux, the Xserves are cheaper. And that’s part of the reason the University of Pittsburgh’s Van Etten, a Linux fan, opted for Xserves in his 120-node server cluster. The Mac is suddenly and uncharacteristically a low-cost option for IT shops.


THE LOW-COST ALTERNATIVE?

THE COMPARISON BELOW SUGGESTS THAT CORPORATE IT SHOULD SERIOUSLY EVALUATE APPLE’S DUAL-PROCESSOR XSERVE.

DELL POWEREDGE 1850
- Dual 2.8-GHz Intel Xeon processors
- 2GB of memory
- 600GB of SCSI-based storage
- 25-user Windows license
COST: $12,717

APPLE XSERVE
- Two 2.3-GHz PowerPC G5 processors
- 2GB of RAM
- 580GB of ATA storage
- Unlimited Mac OS X clients
COST: $6,299


A Safer Option

At Genentech Inc., a multibillion-dollar biotechnology firm in South San Francisco, Mark Jeffries oversees nearly 2,500 Macs. The senior systems specialist says the OS X machines are used “for various purposes,” from scientists doing pure research to executives toying with spreadsheets.

According to Jeffries, the Mac’s place in the market today is the result in large measure of Windows-centric IT shops that “have always been trying to find some reason to get rid of Macs.” But he doesn’t believe that the Mac is destined to remain locked in a few vertical segments, because of recent shifts in the technology landscape.

First, as Web services applications replace client/server software, Windows dependencies in an application’s business logic disappear, as does the requirement for Windows machines. The second shift, says Jeffries, is

malware. He remembers a virus that shut down operations at a couple of his company’s competitors in 2003 because of their total dependency on Windows while Genentech’s business continued unaffected. He says the company’s top executives took note of that event, and it reaffirmed their commitment to the Mac.

“The Mac is secure, if not bulletproof,” Jeffries says. That’s because OS X was developed after the widespread adoption of the Internet, so Apple “designed it to be secure by default.”

“Windows was designed for features, not security,” he adds.

Across San Francisco Bay at CHORI, Hanes concurs. “Macs are safer,” he says. “When we get a virus, it’s because someone attached a Windows laptop to the network.”

Hanes, who estimates that CHORI’s hundreds of machines are evenly split between Macs and Windows, deploys Macs as his secure front line to the outside world. He has set up CHORI’s mail and Web servers on OS X systems. Any malware, particularly mail-borne viruses, gets stopped there before reaching the network. “If it’s touching the Internet, it’s safer on a Mac,” he concludes.


The iPod Factor

APPLE’S RECENT emphasis on consumer gadgets and services such as the iPod and iTunes are boosting its position in the home

market, but with its bottom line, as it did in the most recent quarter, when Apple reported record profits. “It does tremendous things for name recognition [among] users of both platforms,” she says.

And, says Stuart Wilkes, technical director of Iscentia Ltd., a Fortune 500 consultancy in Worcestershire, England, Apple’s sound finances mean that “the Mac is not a risky investment

Winterboer,


Most Mac technical support personnel argue that the machines are far simpler to manage than Windows boxes. For example, when Genentech went through a recent upgrade on both its Mac and Windows systems, one technician could completely upgrade six OS X machines per day, while on the Windows side, one person could complete only two or sometimes three PCs each day. And for the entire company, seven technicians handle nearly 2,500 Macintoshes.

Eighty percent of Digital Strata Inc.’s business is Windows users. Dan Fischler, president of the Scotts Valley, Calif.-based IT consultancy, estimates


| that one tech support person can man- 
| age 50 to 75 Macs, whereas ideally, 


there should be one for every 20 to 


| 25 Windows PCs. 


That’s because of the high level of 
integration between the hardware and 
the software in a Mac, suggests Gary 
IT support engineer at 
AeroVironment Inc., an aerospace de- 
sign firm in Monrovia, Calif. For exam- 
ple, Apple includes its Server Assistant 
tool, which sets up an Xserve machine 
with a single click. And the Server Ad- 
min tool lets users turn individual fea- 
tures on or off with a mouse click. 

No one expects Macs to displace 
Windows as the desktop of choice for 
general-purpose computing. But Apple 
has deflected intense competition in 
its core vertical markets. And, for the 
first time, it’s becoming a credible con- 
tender as an alternative for servers in- 


side the data center. @ 52603 
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A FREE OFFER T0 LOOK 
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COMPUTATION 
COMES TO LIFE

SOMEDAY, OUR MOST SOPHISTICATED CHIP FABS COULD BE LIVING CELLS.
BY GARY H. ANTHES


FOR YEARS biologists have used computer models and high-performance
computers to simulate and understand living processes. More recently,
computer scientists have drawn inspiration from biology to immunize
information systems against malware and to create algorithms that
mutate without human intervention. In all such cases, the underlying
computer architecture has remained traditional and unremarkable —
software running on silicon-based digital processors.

But now researchers are taking the marriage 
of computer science and biology to a remarkable 
new level, turning cells into living computers with 
programmable DNA and biochemical memories, 
sensors, actuators and intercellular communication 
mechanisms. 

MIT researcher Thomas Knight is a pioneer in the 
field, which he calls “synthetic biology.” “In 1992, it 
became clear to me that the end of the road was 
coming for silicon,” says Knight, who was a designer 
of integrated circuits at the time. “We would have to 
shift from electronics and physics to an approach in 
which chemistry is the fundamental technology. And 
the most sophisticated chemistry is biochemistry.” 


SHRINKING TARGETS 
Chip-making processes today place atoms of silicon 
and dopants — impurities added to define the chip’s 
electrical properties — crudely but well enough to 
make the chips work. As circuits shrink, however, it’s 
getting harder to put the atoms, particularly the 
dopant atoms, in exactly the right places. 

But biological processes for millions of years have been able to place
single molecules and atoms in precisely the right order and locations.
“Cells are good at building things — the most sophisticated factories
we have,” Knight says. “We as engineers have no clue at all how to do
that.”

Rather than wait centuries for conventional 
engineering to catch up, Knight and re- 
searchers at a handful of universities want to 
ride on the back of biology or, more precisely, 
inside the cell. Knight and a group of graduate 
students are building a tool kit of what they call
BioBricks, standard parts that can be used to build 
programmable organisms. 

Each of some 400 BioBricks is housed in a little vial of liquid
containing copies of a carefully chosen and well-understood section of
DNA. Each DNA fragment can mimic in some way the operations of
conventional computer circuits. BioBricks can be used individually to
perform very simple tasks, or they can be spliced together to do
higher-level work. They allow someone to build programmable organisms
without understanding the underlying biology.

[Photo caption, partly illegible: “... holds vials of BioBricks.”]

There are BioBricks that act as logic gates, per- 
forming simple Boolean operations such as 
AND, NOT, NOT AND, OR, NOT OR 
and so on. For example, the AND BioBrick 
generates an output signal when it gets a 
biochemical signal from both its inputs, 
whereas an OR BioBrick produces a signal if 
it gets a signal from either input. 

These biological components work extremely slowly by the standards of
conventional computers, performing their functions in seconds or
minutes rather than nanoseconds, and Knight says they are unlikely ever
to exceed millisecond-level performance. “But that doesn’t mean you
couldn’t use biological components to produce, say, carbon nanotubes,”
he says, that in turn could be used to build molecular-scale
high-performance computers.

Or, Knight says, it’s possible that living factories made from
BioBricks could help build ultradense silicon chips by placing the
troublesome dopant atoms at just the right points on a silicon lattice.

Ron Weiss, a former student of Knight’s and now a professor of
electrical engineering and molecular biology at Princeton University,
is working on digital logic inside cells and intercellular
communications. He says it will be a long time before synthetic biology
contributes directly to computer science. “But eventually we might come
up with an abstraction that allows you to program billions of little
biological computing elements that are not robust at all and don’t have
a lot of resources,” Weiss says, “and that might be a useful paradigm
for programming certain kinds of silicon-based computational devices.”


SMART PLANTS, AND MORE 
Scientists at the University of Alberta in Edmonton 
are trying to develop a plant whose leaf shape or 
flower color changes when a land mine is buried be- 
low it. Roots would have to be genetically altered to 
detect explosives traces in the soil and to communi- 
cate that information to the leaves or flowers. 

That will require some kind of sensor circuits in 
the plants’ root cells, plus an actuator circuit in the 
leaf or flower cells, with little real computation in 
between. But, Knight says, one can imagine more- 
sophisticated computational engines inside a plant’s 
cell that would, for example, cause the plant to 
bloom on Mother’s Day or prepare itself for frost or 
drought based on warnings input by human weather 
forecasters. “What’s noteworthy about that kind of 
computation is not that it’s wimpy and slow, but that 
it’s in a special place — inside the cell,” he says. 

But he’s clearly uncomfortable speculating about 
miraculous applications of synthetic biology. A great 
deal of effort must first go into developing the kinds 
of design and measurement tools and methods that 
conventional engineers take for granted. “It’s boring, 
tedious work, but it’s extremely important,” he says. 

The ability of biological circuits to self-replicate makes synthetic
biology unique among all engineering disciplines, Knight says.
“Tremendous power comes from that, and some dangers,” he says.

Researchers at MIT are limiting their work to two 
kinds of agents. The first are natural agents that are 
100% safe, and the second are engineered organisms 
“not known to consistently cause disease in healthy 
adult humans,” the government's definition of 
Biosafety Level 1 on its four-level scale of infection 
dangers. And, Knight adds, his work involves simpli- 
fying organisms, not adding features that could make 
them dangerous. 

The greater danger in synthetic biology, Knight 
says, comes from the possibility that others will ex- 
ploit it for evil purposes. “All powerful technologies 
are dangerous, and we 
are creating a powerful 
technology,” he says. 
“Our best defense is our 
ability to do it faster, 
better and cheaper than 
anyone else.” @ 52466 


DIGITAL CELLS 


Programmed cells could one day 
provide an early-warning system 
for infections: 
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Business Apps 


Satya Nadella leads Microsoft's efforts 
to uncouple corporate applications to make 
them easier to deploy and integrate. 


With a dozen years’ ex- 
perience at Microsoft 
Corp., SATYA NADELLA 
has been put in charge 
of the company’s Proj- 
ect Green initiative, 
which was first an- 
nounced in 2003. The 
aim of the project is to 
rearchitect Microsoft’s 
business application 
offerings under a common, service- 
oriented architecture. 

In a conversation with Computer- 
world’s Robert Mitchell, Nadella dis- 
cussed where Project Green stands 
now, outlined the road map for the ini- 
tiative — which he stressed is all about 
“sequential progress” and not “big- 
bang deployments” — and explained 
Microsoft’s take on “loosely coupled” 
computing. Nadella also described 
how Microsoft is developing its offer- 
ings for midmarket users. 


With Microsoft CRM and acquisitions, you 
have all the elements of a midmarket ERP 
suite. Is that the plan? We got into this 
business through a series of acquisi- 
tions, and we did some homegrown 
development, such as Microsoft CRM. 
We have ERP products, Microsoft CRM 
and our small-business applications 
that are part of Microsoft Office. In 
ERP, we have Great Plains, Axapta, 
Solomon, Navision — those are the four 
major ERP brands for the midmarket. 


How will these products evolve? People want things to be simpler, more
flexible, and they want to drive down the total cost. But they also
want lots of features within a given business domain. To make sense of
all this, we first developed what we call the customer model. It has
three elements. The first is people. [Users] need a bridge between
their ad hoc communications and their more structured, transactional
work. The second thing is . . . business process complexity as defined
by looking at an org chart. The number of people in a department sets
the complexity, as opposed to the company size. The last part is what
we call work, or process. People in departments are working on some
business process.


How will the move toward a service-oriented 
architecture affect these programs? We 
found five horizontal attributes that 
customers are asking for. The first one 
is that end users want simpler, task- 
oriented, role-based user interfaces 
that will help them navigate through 
information models they already have. 
Great Plains or Solomon have a pretty 
robust data model and object model 
underneath, but what [the user] is real- 
ly saying is, “How are you going to 
help me get to the data I want?” 

The next [attribute] is business insight. Yes, they want reports, but
small and medium-sized businesses are really managed by exception. We
call it operational BI.

The third piece is [being] connected. There is no such thing as a
business application, an ERP application, living in isolation. The
first level is to be able to open up our systems using Web services so
you allow for these composite applications that can be built in a
loosely coupled fashion using the new trends of SOA.

So the way we integrate between CRM and ERP is through an SOA-based
approach to integration, which is a loosely coupled, asynchronous way
to bring these systems together.

The next [attribute] is what we call adaptive process. All business
applications today have gobs and gobs of business logic in code. The
problem is, business processes are not static. What we've found is that
in time, any business application gets out of sync with the actual
process in the physical world, and that causes a lot of pain.

The real Holy Grail is to be able to 
take this thing that is written in code 
today and put it into a more modeled 
form. The [next challenge] is, how 
do we go into the system and start 
putting in models so we can increase 
the longevity of the system, and more 
importantly, how can we make the sys- 
tem more adaptive to change? 

The last piece is the process centricity in our application design.
That’s where we're going, and that anchors our vision.


Is this where Project Green fits in? Project Green is one of those
things that with a little help from us gets written up as different
things by different people. Project Green is a bunch of research we’re
doing on those design pillars I talked about. It is also actual product
delivery of that research in the context of releases of Great Plains or
Navision or CRM. Project Green is showing up in our products today.
When we start taking the innards of the business logic of these apps
and start putting models on them, putting them on a single model,
that’s when you'll start to see us having a convergence of our core
code.


So, what is the product road map for Project Green? Our road map is not
this big bang — “here is a new product and go, all of you, migrate to
it.” Our road map is all about sequential progress on these five design
pillars. You can measure [our progress] by the last release we did, and
every 24 to 36 months we'll have another one.


How far are you willing to go with componentization and disaggregation
of Microsoft's business applications? We absolutely believe in
componentization and disaggregation that doesn’t break the final
assembly. Just saying, “Let’s take SOA and apply it mindlessly to the
entire core application” [doesn’t work]. At the end of the day, there
is a screen in front of the end user where he wants to be able to post
a transaction. You have to draw the granularity boundaries very well.
Otherwise, you just have components that can’t be assembled.


Won't this approach lead to commoditization of software components? The
most important thing to me from a componentization perspective is it
allows me to make the systems I have much more agile to change. And
that’s the reality of business applications.


What challenges does this world of componentized applications present?
Is a Web services description an API, or is it not an API? If people
assume Web services are just APIs, you call them like you called them
in the past, then you build systems that are no different.

You have to build more message- 
oriented systems. You now need to 
think through the workflow and con- 
trol logic in your applications so that 
you're resilient to message passing. 
You can’t have the control flow of 
your code be completely sequential 
and synchronous. You have to have a 
workflow, and you have to be in sync 
with it. That’s a big mental shift. 

Be careful, too, where you want to be 
asynchronous and message-oriented. 
You can’t do a final transaction post in 
a journal in that form, because if you 
start doing that, you really are going to 
create all kinds of issues in terms of 
distributed transaction control and 
also the user experience. 


Will componentization enable users to go
to best-of-breed applications and mix and
match, since presumably the integration
costs will be less to do so? I believe ... we
will have more systems deployed in a 
decentralized fashion, and they will be 
easier to deploy and integrate. If they 
are not easier to integrate, it’s easier for 
users to just buy one system. The beast 
that needs to be tamed in this case is all 
about integration cost. @ 52262 





WHEN TODD ACHENSON, Internet systems manager at Ohio University, spent
more than $300,000 on two high-end Alpha servers in December, he also
got something else: more time for his Tru64 Unix environment.

Like all Tru64 users, Achenson is 
facing a deadline. Hewlett-Packard Co. 
is discontinuing the Tru64 operating 
system and the Alpha server hardware 
it runs on. The double blow means that 
users must move applications to new 
operating systems and hardware plat- 
forms. But users who say Tru64’s relia- 
bility, clustering and file management 
capabilities are second to none believe 
that they'll be trading down no matter 
what migration path they take. 

HP will stop releasing new versions 
of Tru64 in December 2006 but contin- 
ue support through at least 2011. The 
company released its final chip upgrade 
for Alpha servers last year but will con- 
tinue to sell the servers through 2006. 


Exploring Options 

Many users are still deciding on a mi- 
gration path, according to some con- 
sultants and vendors who work with 
Tru64 customers. 

“We're just biding our time and look- 
ing at options,” says Achenson, who has 
not decided on a migration path for 
critical network services managed by 
his 30 Alpha servers. He believes the 
two new servers will give the 25,000- 
student university in Athens, Ohio, up 
to two years of breathing room. 

“I think the market is still grappling
with it,” says Vic Ahmed, CEO of Par- 
sec Group Inc., a Denver-based con- 
sulting and training firm that is en- 
couraging users to migrate to Open- 
VMS, which also has strong clustering 
capabilities. OpenVMS runs on Alpha, 
but HP recently ported it to Itanium. 
“There is still a pretty robust customer 
base on Tru64, and they are fairly hap- 
py with it,” Ahmed says. 

But some users weren’t happy with 
HP’s decision. “It’s just a very big dis- 
appointment,” says Nikola Milutinovic, 
Unix systems administrator at EPS JP 
Elektrovojvodina in Novi Sad, Serbia. 
The power company has decided on a
Linux and Windows path for its Tru64 
applications. 

Achenson had been considering HP- 
UX, HP’s recommended migration path, 
but reconsidered when HP announced 
in December that it was dropping plans 
to move Tru64 clustering and file man- 
agement technology to HP-UX. 

“That’s been a big loss for us,” says Achenson. “The Tru64 customers
have been left high and dry.”

Instead, HP announced an agreement with Veritas Software Corp. to
integrate similar clustering technology in HP-UX, says Mary Ellen
Lewandowski, a senior product manager for Tru64. She sees the changes
as an improvement in the Tru64 road map, not a setback.

For instance, the decision improves the clustering technology, allowing
management of multiple clusters, which Tru64 doesn’t have, says
Lewandowski. “Our commitment to our customers is to make sure they have
the best road map there is,” she says.

Tru64 traces its origins to 1988 and was owned for most of its life by
Digital Equipment Corp. (see diagram). Digital was later acquired by
Compaq Computer Corp., which merged with HP in 2002. HP quickly decided
to retire Tru64. “You need to have one Unix that you are focused on,
and HP-UX is a rock-solid Unix,” says Lewandowski.

However HP justified the demise of Tru64, it was still difficult news
for many users, such as the IT staff at BECU, formerly known as the
Boeing Employees Credit Union. The Seattle-based firm is one of the
largest credit unions in the U.S., with some $5 billion in assets and
nearly 400,000 members.

BECU had been an Alpha shop for more than a decade, running OpenVMS,
but the credit union was undergoing a major upgrade in 2000 and 2001
that included a move to an Oracle database it wanted to run on Tru64
Unix.

HP’s decision was hard to take, says Scott Wolfe, enterprise architect
at BECU. “We felt like we went out on a limb to introduce Tru64, as
opposed to other operating systems that had a larger customer base,” he
says.

In BECU’s search for new platforms, IT infrastructure director Jim
Ratchford told his team members that they “weren’t beholden” to HP and
could look at other Unix systems.

BECU wasn’t happy with HP’s move, but decision-makers felt that HP
would go the extra step to ensure that the credit union’s migration was
successful — and they may have been right. For instance, after deciding
to move to Integrity Itanium-based servers, BECU’s project faced a
major delay because Quest Software Inc.’s database replication software
hadn’t been tested for Itanium. Quest’s CEO called HP and got the
testing environment he needed to keep the credit union’s project on
schedule, says Ratchford, who felt HP’s fast response was an indication
of the vendor’s support.


Dwindling Support

Another reason Tru64 users will have to move off the system sooner
rather than later is dwindling independent software vendor support.

Some vendors are applying HP’s road map to their own products. For
example, Fairfax, Va.-based Datatel Inc. makes an ERP package used in
higher education that runs on Tru64. It hopes to have most of its users
off the operating system by the end of 2006, says John Van Weeren,
technology product manager. The vendor also supports IBM AIX, Sun
Solaris, HP-UX and Microsoft Windows and plans to support Red Hat Linux
this year.

Datatel user Bucks County Community College in Newtown, Pa., moved to
HP-UX last year from Tru64. Doug Burak, server network security
manager, says many of the reasons for sticking with HP were
business-related. The college has a long history with Tru64, as well as
with HP systems generally, and believes HP will support its products.

Kenneth Farmer, a former systems administrator who operates the
Tru64.org user forum, expects users will continue running the system
“up until the very end, until they stop supporting it.” @ 52601

By Patrick Thibodeau


TRU64 HISTORY

Landmark dates:
1988: Open Software Foundation develops OSF/1 Unix.
1992: Digital Equipment Corp. takes over system and calls it Digital Unix.
1999: Digital is acquired by Compaq, renames system Tru64.
2002: HP acquires Compaq, sets new product road maps.


HP'S PLAN

Tru64: Updated version due in 2005. HP has since announced a new
version update for 2006 as well.
Alpha: HP will sell Tru64 Unix AlphaServer systems until at least 2006,
with
Engineering support: For Tru64 v4.0F and v4.0G was extended last year
until June 30, 2007.
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Assessing a New 
App Infrastructure 


Before Web-based applications can be 
deployed, our security manager has to find 
the vulnerabilities. By Mathias Thurman 


FOR SEVERAL MONTHS my company has been upgrading to Oracle 11i. This is
no trivial task, since we have dozens of critical revenue-generating
applications that depend upon a successful upgrade and migration. A
couple of weeks ago, the applications were ready to go live, and it was
time for me to conduct a security assessment and mitigate any critical
issues.

Oracle 11i provides for an Internet-based application infrastructure.
Previously, we had to use mainly client-based applications. That was
always a problem, because it required each user to download and install
the software he needed. Many users ended up with a dozen or so
applications on their workstations, leading to performance problems and
troubles when there were upgrades or patches.

Now we will have a single 
Web-based interface into the 
various modules users may 
need. A user in the finance de- 
partment, for example, can 
click on a link that will take 
him to the accounts receiv- 
able, general ledger or ac- 
counts payable applications, 
assuming he has access clear- 
ance. Other employees will be 
able to enter expense reports 
or procure equipment from a 
single browser window. 

Of course, new deployments 
always require an assessment. 
In this case, this is even more 
critical, since vulnerabilities 
are typically more prevalent in 
Web-based applications. 

Our practice is to divide our assessments into three core areas:
architecture, system and application.

As part of the architecture audit, we typically obtain all network
diagrams, flowcharts, firewall rules, lists of administrators and
accounts, and so on. We then take a rule-of-least-privilege approach.
For example, when we understand how each application interacts with
other areas of the infrastructure, we ensure that firewall rules allow
for nothing more or less than the proper operation. We then look at the
manner in which privileged accounts are identified, managed and
audited, making sure that users are configured with the appropriate
permissions according to function.

[Pull quote: The application audits always seem to generate the brunt
of the work.]

Next is the system audit. This entails running a variety of commercial
and open-source tools against each system to ensure that they're
installed without deviation from our security baseline and that
administrators haven’t made modifications that might leave a system
vulnerable. For example, administrators sometimes create a “.rhosts”
file in their home directory and place a “+” in that file. The .rhosts
file allows the admin to connect to the server with utilities such as
rlogin without supplying a password, but a “+” in that file lets anyone
connect to the server without a password. It’s convenient for the
admin, but it’s a security no-no. Just prior to going live, we run a
comprehensive script that checks each system for the presence of such
files, as well as for file permissions, accounts, password policy, cron
jobs, applications, patches and so on. We know what a baseline system
should look like, and any deviations are noted. Once we've run the
script, we take a snapshot of the system using a tool from Portland,
Ore.-based Tripwire Inc.
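One way to implement the .rhosts part of the pre-go-live baseline check described above, as an added example (not the author's script). The directory layout, function names and sample files are constructed for illustration, and rating every remaining trust entry as a medium-severity deviation is an assumption about the baseline.

```python
#!/usr/bin/env python3
"""Baseline check for rlogin/rsh trust files (.rhosts) in home directories."""
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int    # 0 = finding is about the file itself, not one entry
    severity: str   # "high" or "medium"
    detail: str


def parse_trust_line(raw):
    """Return (host, user) for one trust entry; None for blanks and comments."""
    text = raw.strip()
    if not text or text.startswith("#"):
        return None
    fields = text.split()
    return fields[0], (fields[1] if len(fields) > 1 else None)


def audit_trust_file(path):
    """Inspect one .rhosts-style file and return a list of Finding objects."""
    mode = os.lstat(path).st_mode
    if not stat.S_ISREG(mode):
        # A symlink or device node here is itself a deviation; do not follow it.
        return [Finding(path, 0, "high", "trust file is not a regular file")]
    findings = []
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(Finding(path, 0, "high",
                                "file is group- or world-writable"))
    with open(path, "r", errors="replace") as handle:
        for line_no, raw in enumerate(handle, start=1):
            entry = parse_trust_line(raw)
            if entry is None:
                continue
            host, user = entry
            if host == "+":
                findings.append(Finding(path, line_no, "high",
                                        "'+' host entry trusts every host"))
            elif user == "+":
                findings.append(Finding(path, line_no, "high",
                                        f"'+' user entry trusts every user on {host}"))
            else:
                findings.append(Finding(path, line_no, "medium",
                                        f"password-less trust for {host}"))
    return findings


def scan_homes(homes_root, names=(".rhosts",)):
    """Check each home directory directly under homes_root for trust files."""
    findings = []
    for entry in sorted(os.scandir(homes_root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        for name in names:
            candidate = os.path.join(entry.path, name)
            if os.path.lexists(candidate):
                findings.extend(audit_trust_file(candidate))
    return findings


def build_sample_tree(root):
    """Constructed sample data: three home directories, two with .rhosts."""
    samples = {
        "alice": ("+\n", 0o600),
        "bob": ("# build hosts\nbuild01.example.com bob\n"
                "backup01.example.com +\n", 0o666),
        "carol": None,
    }
    for user, spec in samples.items():
        home = os.path.join(root, user)
        os.mkdir(home)
        if spec is not None:
            content, mode = spec
            path = os.path.join(home, ".rhosts")
            with open(path, "w") as handle:
                handle.write(content)
            os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for f in scan_homes(root):
            where = f"{f.path}:{f.line_no}" if f.line_no else f.path
            print(f"[{f.severity.upper()}] {where}: {f.detail}")
```

Run against the real home-directory root, the same findings list can be compared with the previous run so that only new deviations are reported.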

We also use Nessus, an 
open-source port scanner, to 
find vulnerable services, such 
as one that is running but isn’t 
needed or is outdated. 


The Hard Part 


The application audit is probably the most critical element of our
assessment. We have a pretty good handle on server hardware and
operating system configurations, since those are fairly static
environments. Any deviations can be detected via Tripwire and attended
to accordingly. Applications are the Wild West in comparison. We have
hundreds of developers around the world who all create applications
based on different methodologies and coding techniques. Although we
would like to develop some standardization, that’s difficult in a big
company with a lot of development done offshore.

For this stage, we again use both commercial and open-source tools. We
currently use WebInspect from Atlanta-based SPI Dynamics Inc. to crawl
through a Web site and look for dozens of Web server and application
vulnerabilities such as SQL injection, cross-site scripting and
authentication bypass attacks.

The results of the assessment were mixed. For the most part, the
servers were configured within a previously defined baseline, with only
a few deviations. In one case, a user enabled FTP on the server because
he was too lazy to use Secure Copy to move files. On a few other
servers, the administrator configured the system so that he could
directly log in as Root.

But the application audits 
always seem to generate the 
most work. In this case, almost 
every application server had 
SQL injection vulnerabilities. 
A SQL injection attack allows 
a hacker to submit database 
commands through a form or 
via a URL that can be execut- 
ed by the database. The fix in- 
volves enabling the applica 
tion to recognize when these 
malicious requests are being 
submitted and to then reject 
them. This is also termed 
input validation. 
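
The flaw and the fix described above, side by side, as an added example that is not code from the audited applications. The table, column and function names are assumptions and the data is constructed; besides the input validation the column describes, the hardened path also binds the value as a query parameter, which is an addition here.

```python
import re
import sqlite3


def make_db():
    """Build a small in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (customer, item) VALUES (?, ?)",
        [("alice", "router"), ("alice", "switch"), ("bob", "firewall")],
    )
    return db


def lookup_vulnerable(db, customer):
    """The audited pattern: the form value is pasted into the SQL text.

    Quote characters in the value become part of the statement, so the
    caller controls the WHERE clause.
    """
    sql = "SELECT item FROM orders WHERE customer = '" + customer + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


class RejectedInput(ValueError):
    """Raised when a request value fails validation."""


# Allow-list for this example: what a customer ID is permitted to look like.
CUSTOMER_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validate_customer(value):
    """Input validation: accept only values matching the allow-list, else reject."""
    if not isinstance(value, str) or not CUSTOMER_RE.fullmatch(value):
        raise RejectedInput("customer id failed validation")
    return value


def lookup_bound(db, customer):
    """Bind the value as a parameter so it is always treated as data."""
    sql = "SELECT item FROM orders WHERE customer = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (customer,))]


def lookup_hardened(db, customer):
    """Validate first (reject early), then query with a bound parameter."""
    return lookup_bound(db, validate_customer(customer))


# Constructed hostile form value: closes the string literal and adds a
# condition that is true for every row.
HOSTILE = "x' OR '1'='1"


def run_demo():
    """Run the same inputs through each path and return what came back."""
    db = make_db()
    results = {
        "vulnerable_normal": lookup_vulnerable(db, "alice"),
        "vulnerable_hostile": lookup_vulnerable(db, HOSTILE),
        "bound_hostile": lookup_bound(db, HOSTILE),
        "hardened_normal": lookup_hardened(db, "alice"),
    }
    try:
        lookup_hardened(db, HOSTILE)
        results["hardened_hostile"] = "accepted"
    except RejectedInput:
        results["hardened_hostile"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, "->", value)
```

With the concatenated query the hostile value returns every customer's rows; with binding alone it matches nothing, and with validation in front it is rejected before the database is touched.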

In addition to the SQL injec- 
tion vulnerabilities, develop- 
ers had included sensitive in- 
formation in the Comments 
fields of several scripts, and 
several Dynamo Application 
administration servers were 
configured with a default ad- 
min password. 

There also were some mi- 
nor Web server vulnerabili- 
ties, such as the ability to enu- 
merate directories and view 
the contents of certain files, 
which could give a hacker 
valuable information. 

The next step is to present 
these findings to the project 
managers and put together a 
mitigation plan. Once the plan 
is executed and the vulnerabil- 
ities are removed, we'll con- 
duct a new assessment to en- 
sure that there are no more 
open issues before we go live.


WHAT DO YOU THINK? 


This week's journal is written by a real security manager, “Mathias
Thurman,” whose name and employer have been disguised for obvious
reasons. Contact him at mathias_thurman@yahoo.com, or join the
discussion in our forum: QuickLink a1590

To find a complete archive of our
Security Manager's Journals, go online to
computerworld.com/secjournal
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Security Bookshelf 
Troubleshooting Linux Firewalls, by Michael Shinn and Scott Shinn
(Addison-Wesley Professional, 2004).

Despite the title, I found this book better suited as a how-to guide
for building Linux-based firewalls. If you're looking for a robust
firewall but don’t want to buy a commercial product, Linux is for you.
And you'll want to pick up this book, which describes the planning,
designing and building of Linux-based firewalls. The authors’ expertise
is immediately apparent, from a nicely written overview of IPTABLES and
NETFILTER to command-line arguments and step-by-step procedures.
Especially useful are their frequent suggestions, explanations of tools
and sample firewall rules with detailed explanations.
- Mathias Thurman


Laptops Stolen 
From Contractor 


U.S. government contractor 
Science Applications interna- 




mobile phones running Sym- 
bian OS with the Series 60 
user interface, has surfaced 
in the U.S. A Symantec Corp. 
engineer spotted two Nokia 
handsets with a variant of the 
worm on display in a shop win- 
dow in Santa Monica, Calif., 
according to Mikko Hypponen, 
director of antivirus research 
at F-Secure Corp. 
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Informatica Unveils 
Integration App 


Data integration software maker
Informatica Corp. has announced
the PowerCenter Advanced Edi- 
tion integration system. The 
application bundles together 
metadata management and data 
visualization technology, accord- 
ing to the Redwood City, Calif.- 
based company. PowerCenter 
Advanced Edition ships March 1. 
Pricing starts at $180,000. 


NEC Releases 
Midrange Server 


NEC Solutions (America) Inc. in
Santa Clara, Calif., has unveiled 
the Express5800/320Lc midrange 
server. The product combines 
software monitoring tools and a 
hardware fault-tolerant system in 
one server. It includes redundant 
virtual I/O drivers for instant fail- 
over and support for dynamic re- 
synchronization of memory and 
processors, NEC said. The server, 
available now, starts at $24,999. 


Novell Initiates 
Open-Source Effort 


Waltham, Mass.-based Novell
Inc. has established a community 
project called Hula to create an 
open-source collaboration server. 
The server will provide calendar 
and e-mail functionality. Hula will 
be based on code taken from 
Novell’s NetMail collaboration 
server product. Novell contrib- 
uted more than 200,000 lines of 
source code to launch the effort. 


Hitachi Upgrades 
Management Suite 


Hitachi Data Systems Corp. has
announced enhancements to its 
HiCommand suite of management 
products, including advanced sup- 
port for Windows Server 2003. 
Hitachi also has improved mea- 
surement, analysis and diagnostic 
capabilities and added support for 
logical partitions, including exter- 
nal storage on the Hitachi Tagma- 
Store Universal Storage Platform. 





Two Sides of Vulnerability Scanning


THERE ARE TWO APPROACHES to network vulnerability scanning, active and
passive. The active approach encompasses everything an organization
does to foil system breaches, while the passive (or monitoring)
approach entails all the ways the organization oversees system
security. When making buying decisions for your organization, it’s a
mistake to think that you have to choose between the two types of
protection.

The passive approach 
allows security personnel 
to monitor which operating 
systems are in use; what is 
being sent to, from and 
within the system; which 
services are available; and 
where parts of the system 
may be vulnerable to 
security threats. The active approach, 
on the other hand, offers much infor- 
mation about system and application 
vulnerabilities. 

Active scanning tools are used where constant vigilance is required.
They have a specific area of focus that the product is programmed to
monitor. (And they are sometimes configured to prevent particular
situations as well, such as the use of USB key chains on a network.)
Their core monitoring functionality is generally very rigid and can’t
be easily customized or extended.


When an organization uses the pas- 
sive approach in scanning its LAN, the 
information obtained will normally 
include data pertaining to the hosts 
in the network — which ports are 
open, which software versions are 
being maintained and which services 
are running. 

There is a huge potential with passive analysis because it allows you
to assess the vulnerability of your software without interfering with
the client or server. This technology facilitates IT asset management,
since it allows an IT manager to instantly get a list of which users
are running vulnerable copies of certain software programs.

When combined with passive vulnerability scanning, an active scan can
help provide a more complete picture of the software load-out on
client-side systems, as well as on servers. In short, the two types of
scanners complement each other.

When it comes to selecting the right passive scanning product for your
organization, there is no shortage of options. Tenable Network
Security, for example, offers a product called NeVO. The NeVO
vulnerability monitor can determine what's happening on your network
without having to actively scan it. NeVO runs 24/7 and helps uncover
whether any new hosts, ports, services or vulnerabilities have suddenly
appeared since the last active scan of the network was performed.
Although NeVO uses its own pattern matching and signature language to
detect potential threats, Tenable does publish new NeVO signatures
regularly, allowing you to easily keep this product up to date.

Guardian Digital’s flagship operating platform, EnGarde Secure Linux,
is another example of a passive security tool with intrusion-detection
capabilities to assist users in pinpointing security threats. Guardian
also offers the Internet Defense and Detection System, which the
company claims is the first open-source IDS application to provide both
enhanced intrusion-detection and -prevention capabilities in one
system.

Highly customizable software such as GFI Software’s LANguard Network
Security Scanner is another example of a passive scanner that can
unearth a wide range of security issues on your computer network. GFI
also produces an active scanner called the LANguard Portable Storage
Control, which is best applied to plug holes in very specific areas
that have been identified by the passive scanner tools.

When deciding which approach to 
use on your network, remember that 
the key difference between the two ap- 
proaches to security is action. Passive 
security involves providing notifica- 
tion of potential security issues, yet it 
allows those issues to continue until 
the administrator takes action. An ac- 
tive security system, on the other 
hand, alerts administrators of any is- 
sues in question and also takes mea- 
sures to prevent them from causing 
damage, such as blocking the offend- 
ing IP address or closing off the port. 

The bottom line is that passive scanning in systems can expose a lot of
information about all aspects of the system in normal communications
without intruding upon operations. Active scanning has the potential to
discover more information, and when combined with passive scanning, it
gives a more complete picture. The wise IT manager will use both.
@ 52611
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The Business Case for Linux 
Building a formal business case 

for Linux is becoming increasingly 
important as more companies consider 
the open-source operating system for 
mission-critical applications. Page 38 


City CIOs are using hot new technologies to raise revenue - and IT’s
status.

BY MATT HAMBLEN


AFTER YEARS of operating out of the
limelight, city CIOs are taking starring 
roles as municipal governments begin 
launching new technologies to cut 
costs or earn revenue. 

The job market for city CIOs is heating up, but the 
required skills reach far beyond technology. To sell 
their governments and the public on new ideas like 
wireless broadband, municipal CIOs also need sharp 
communication skills and political know-how. 

“Street smarts are needed,” says Dianah Neff, CIO 
for the city of Philadelphia. City CIOs today “need to 
be more political, absolutely,” she adds. 

Neff survived a major political battle last year over 
city-provided wireless hot zones that would compete 
with offerings from private-sector carriers. “Politics 
was never in any of our training agendas to become 
CIOs,” she says, “but [being politically savvy] is more
of our job today.” 


BEYOND TECHNOLOGY 


Cities are looking for CIOs who are politically astute, 
have an eye on security, can improve city services 
such as public safety with a limited budget and can 
keep IT costs down, says Adam Kohn, vice chairman
of Christian & Timbers, an executive recruitment 
firm in New York. “It’s a big job, and if the city CIO 
messes up, it can be a public nightmare,” he adds. 

Neff knows the dangers. Last fall, she had what she 
calls an “unbelievable” experience dealing with the 
Pennsylvania legislature and lobbyists for local ex- 
change carriers. It ultimately resulted in passage of 
legislation permitting Philadelphia to move forward 
with the creation of wireless mesh hot zones but re- 
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New Project Perils 

Just when you think you've got project 
management under control, fallout 
from the Sarbanes-Oxley Act and other 
new regulations can blow up your 
budget and your deadline. Page 40 
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Career Watch 


CIO John Campbell answers a reader’s 
question about project management 
skills. Plus, there’s more bad news on 
IT salaries, and we look at some 
offshoring numbers. Page 41 


Dianah Neff, CIO for the city of Philadelphia: “I've learned that you don’t talk to a mayor
about grid computing. You talk about how this technology is going to reduce costs.” 
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CITYWIDE HOT ZONES 
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Out of the Engine Room 


One leading-edge technology being deployed in 
U.S. cities is known as municipal wireless mesh 
hot zones. Based on the concept of Wi-Fi hot zones, 
they cover broader areas than the Wi-Fi hot spots in 
shopping malls and airports. 

Some cities are building these hot zones for public 
safety needs. Others have gone further and are offering 
fast wireless connections to homeowners and business- 
es to replace cable modem and DSL services sold by the 
private sector. 

Tropos Networks Inc. in Sunnyvale, Calif., has sold its
Wi-Fi mesh routers to 125 cities, according to CEO Ron 




stricting other jurisdictions in the state from doing 
so. “We won the battle but lost the war,” she recalls. 
Neff had been the top IT professional at four other 
cities, but last year’s battle taught her how to work 
with a much more diverse group of stakeholders than 
she ever had before, including state legislators, private- 
sector lobbyists and citizens groups of all flavors. “It 
has really broadened my scope of influence,” she says. 
The past year has taught Neff that city CIOs more 
than ever need good people skills and especially the 
ability to advocate for technology for a broad audi- 

The political fallout from the implementation of wireless broadband by
dozens of city governments nationwide has grown dramatically in recent
months.

Philadelphia CIO Dianah Neff ran into forceful lobbying by
service providers in the Pennsylvania statehouse last November.
And in early February, a Washington-based research group
backed by telecommunications providers launched a media assault
on wireless broadband plans. The New Millennium Research
Council (NMRC) condemns the use of public funds for
wireless broadband access to homes and businesses.

Saying there are “grave flaws” in the wireless rollouts and trials
now under way in more than 125 cities, the NMRC alleges
that “municipal Wi-Fi networks present a number of serious
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New technology uses street lamps to build 
a mesh of Wi-Fi hot zones: 




Sege. The devices are deployed from city street lamps in 
a mesh design of about 10 routers per square mile, giving 
1Mbit/sec. connectivity using the 802.11 specification, 
he says. “It’s quite a phenomenon, and the demand is 
increasing rapidly,” Sege says, noting that Dallas and 
Philadelphia have deployed some of the routers, and other large
cities, including Boston, Houston and New York, are in the early
stages of considering the technology.

In some cases, Wi-Fi hot zones can generate revenue for cities,
putting CIOs and their IT shops in the unusual role of profit center
rather than cost center. “CIOs are excited to be doing something so
visible in the community,” Sege says. “They are out of the engine room
and into the wheel house.”


- Matt Hamblen


ence unversed in IT. “I’ve learned that you don’t talk 
to a mayor about grid computing,” she says. “You talk 
about how this technology is going to reduce costs.” 

Other city IT leaders agree that their roles are 
more vital — and more demanding — than ever. Bill 
Marion, information systems director for Milpitas, 
Calif., says his job has become more complex as the 
IT department has gotten more involved with gener- 
al operations and city planning. For example, IT is 
helping urban planning groups decide where con- 
duits for data cables will be run. 


problems that are being overlooked as cities rush into committing
millions in taxpayer dollars to pay for network development and
expansion.” The rollouts will have “a detrimental effect on city
budgets and on competitions in the telecommunications industry,”
the NMRC says.

Critics of the report claim that it's biased toward the
telecommunications industry. NMRC is funded by Issue Dynamics Inc., a
well-known Washington-based lobbying firm for U.S. telecommunications
companies, including those that fought metropolitan wireless efforts
in the Pennsylvania legislature.

NMRC denies any bias in its report, which was written by U.S.
Internet Industry Association President David McClure and
Heartland Institute Senior Fellow Steven Titch, among others.
(Computerworld’s Robert L. Mitchell is among those who believe
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“There was a time we were known as data process- 
ing in the basement — a part of the finance depart- 
ment,” Marion says. “Now we’re a separate depart- 
ment that’s interfacing with the public.” 

Milpitas has deployed mesh Wi-Fi for public- 
safety officials, and the technology will be evaluated 
for use by citizens. Meanwhile, he’s deploying anoth- 
er innovative technology to transform IT’s image as 
a cost center: Milpitas has provided a homegrown 
geographic information system to government enti- 
ties outside of Milpitas for a fee. 

Like many municipal CIOs, Brian Anderson of the 
city of Dallas is simultaneously concerned with inno- 
vation and cost-cutting. While Dallas is considering 
wireless mesh networks for public safety and public 
works, Anderson is also looking into cost savings from 
Web services and reductions in desktop operations. “I 
am the point man for so many things,” he says. 

Anderson agrees that political know-how is a must 
for today’s city CIOs, but he stresses that, like their 
corporate counterparts, they need to understand 
their businesses. “We really need to understand the 
city’s problems,” he says. For example, if wireless 
broadband is offered to citizens, a city CIO needs to 
evaluate what city services will evolve from it and 
what fees or revenues might result, Anderson says. 


HOT JOB 


Kohn says he sees a trend toward greater interest in 
city CIO jobs, which have appeared on his “hot jobs” 
list for the first time in a decade. “Because of increas- 
ing [technology] demands on municipalities, this 
CIO job cannot be ignored,” Kohn says. “The city 
CIO holds the key to security and services.” 

Big cities are “very competitive with each other” 
for IT talent, he adds. “The city CIO really is a hot 
job now and will be for the rest of the decade.” 

Although new technologies and the challenges 
they present may make such jobs more exciting, the 
salaries are still substantially below those of CIOs in 
the private sector, Kohn says. But he adds that mu- 
nicipal CIOs aren’t in it for the money. “City CIOs all 
believe in supporting the government’s overriding 
mission of serving the citizenry, and they all also like 
challenges,” Kohn says. 

Marion agrees, and he notes that cities tend to offer 
more-secure retirement benefits than the private sec- 
tor, somewhat compensating for the smaller paycheck. 

But the main reward is seeing new technology work 
for the public good. “We all get excited when we see the 
wireless working on the fire trucks,” he says. @ 52513 


that it's a bad idea for cities to get into the business of providing
wireless broadband access; see QuickLink 52647.)
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On another front in the Wi-Fi wars, Strategy Analytics Inc., a 
research and consulting firm in Newton, Mass., released a study 
that tallies the financial impact of all free Wi-Fi hot spots and 
zones - from those in Starbucks coffee houses to municipal 
wireless projects - on traditional cellular providers such 
as Verizon Wireless and Cingular Wireless LLC. 

It reports that free Wi-Fi, as well as aggressive pricing of Wi- 
Fi capabilities from other traditional service providers, will place 
as much as $12 billion of the projected profits of U.S. wireless 
operators at risk through 2008. That will happen as U.S. opera- 
tors invest $100 billion in advanced wireless networks. 

- Matt Hamblen
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The Business 
Case for Linux 


As open-source goes mainstream, Linux 
needs to clear the same hurdles as other 
operating systems. BY CAROL SLIWA


WHEN CENDANT Corp.'s Travel Distribution Services (TDS) division
considered shifting its airline-fare system to Linux on Intel-based
servers, the IT department couldn’t simply flip the switch. The system
handles 700 transactions per second in the course of processing
millions of fares from more than 500 airlines around the world. So the
IT team set aside a few months to do a careful analysis of the business
case.

Now that Linux is more commonly 
viewed as a mainstream option for 
mission-critical functions, IT man- 
agers are increasingly evaluating the 
open-source operating system with the 
same due diligence with which they 
compare commercial offerings, accord- 
ing to industry analysts. 

“It’s not a science project anymore,”
says Julie Giera, an analyst at Forrester 
Research Inc. “At this point, Linux 
shouldn’t be different than any other 
commercial software package you buy. 
The rules should be the same. The 
level of scrutiny should be the same, 
and the process for approval should 
be the same.” 


A key first step is establishing the criteria by which Linux will be
judged. Enterprise Linux use has concentrated on
the server, and decisions are generally 
made in concert with moves to cheaper 
hardware. So the business case is usual- 
ly built for the hardware and the soft- 
ware operating system at the same time. 

Two years ago, Chicago Mercantile 
Exchange Inc. (CME) was paying 
$20,000 to $40,000 for each of its Sun 
Microsystems Inc. servers running So- 
laris, according to Joe Panfil, the com- 
pany’s director of enterprise technol- 
ogy. When the CME needed to add ca- 
pacity, the IT team was anxious to see 
if it could reduce the server costs. 


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Linux servers were sles at about 
$3,000 apiece, and a Red Hat Inc. sup- 
port subscription tacked on another 
$400 per box, Panfil says. Even though 
the operating system can be down- 
loaded for free, serious users typically 
don’t want to risk running Linux with- 
out a support contract, especially if 
they’re running mission-critical appli- 
cations on it. 

But cost wasn’t the sole metric in the 
business case, particularly after Sun 
began to drop its server prices. The 
CME had to be sure that its critical 
third-party software products — Tibco 
Software Inc.’s middleware, BEA Sys- 
tems Inc.’s WebLogic application 
server and Oracle databases — were 
certified to run on Linux, Panfil says. 

Transaction speed was another key 
driver. The CME makes money based 
on the number of trades it can process, 
so every millisecond it shaves off the 
round-trip trading time counts. 

But none of that would matter if the 
system didn’t run reliably on Linux. In- 
ternally developed electronic trading, 
clearing and regulatory applications 
needed to be ported to Linux, and de- 
velopers needed training to write code 
optimized for Linux. 


Proving the Case 


Once the metrics are established, it’s 
time to test. For Orbitz Inc., that meant 
bringing together four members of its 
software team and four members of its 
hardware engineering team when the 
leases for the Sun servers that ran its 
BEA application servers were due to 
expire in the summer of 2002. 

On paper, Linux made sense for Orb- 
itz. The Chicago-based online travel 
service had the skills, infrastructure 
and tools to work with the open- 
source operating system, since the 
low-fare search engine it licensed from
ITA Software Inc. already ran on Red
Hat’s Linux distribution.

But Orbitz still needed to make 
sure its WebLogic application servers 
would perform as well on Linux on 
Intel-based hardware as they had on 
Sun Solaris servers, taking into ac- 
count new functionality the travel 
company was planning for its site. 

So the Orbitz IT team consulted with 
the finance and product marketing de- 
partments to find out which new fea- 
tures they wanted and how much addi- 
tional traffic they expected. Orbitz 
architects estimated what it would take 
to deliver the new features, and then 
systems engineers determined the hard- 
ware capacity that would be needed. 

Orbitz did a CPU-for-CPU compari- 
son of Intel Corp. processors running 
Linux against Sun Sparc processors 
running Solaris and found that the Intel 
CPUs performed twice as well, accord- 
ing to chief Internet architect Leon 
Chism. Orbitz then calculated the in- 
cremental cost of purchasing new 
servers from Sun and compared that 
with the amount it would spend if it 
adopted the open-source model and 
used greater numbers of smaller com- 
modity servers. It also factored in the 
additional overhead required to man- 
age the Linux servers. “We did that 
business case” over three months, says 
Pete Stoneberg, director of systems en- 
gineering, “and it clearly came out in 
the open-source Linux camp.” 

Cendant TDS built a lab to test 
3-GHz Intel chips on eight-way IBM 
servers against the 900-MHz Sparc 
chips it had been using on 24-way Sun 
boxes. The goal was to see if its 360 
Degrees Fares application could scale 
out through smaller, redundant Linux 
servers and reliably process an equiva- 
lent number of transactions in the 
same amount of time as the larger, 
more expensive Unix hardware. 
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efficiency 
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“For our company, stability is impor- 
tant. We believed we could get high 
levels of stability through a highly re- 
dundant system built on lots of low- 
cost, high-performing Intel boxes,” 
says Robert Wiseman, chief technology officer at Cendant TDS. “It
turned out, for this application, we could run at least as many
transactions through the Intel boxes as the Unix boxes.”


Final Tweaks


That wasn’t the end of it. The team ran the application for 30 days and
found Unix more forgiving of problems such as memory leaks. Developers
spent about three months tweaking the application code to deal with the
slight operating system differences between Unix and Linux. “But at the
end of the day,” Wiseman says, “the redundant architecture we created
with the Lintel environment gave us better stability.”

The next step was determining the number of boxes needed, based on the
number of transactions the hardware is capable of handling, and
determining the headroom Cendant TDS wanted above the peak load. The
numbers told the story.

“The cost of building out our platform on Lintel versus continuing to
build on Unix was 90% less expensive,” says Wiseman. “It was dramatic.”

The business case for Linux also 
won the day at the CME, saving the ex- 
change an estimated $2.8 million last 
year. “We had a lot of preplanning and 
thought in front of the move,” Panfil 
says. “Where we've needed faster 
servers and cost reductions, we’ve im- 
plemented it, and we’re happy.” 

But the evaluation is ongoing. “We're 
always going to be looking at new 
technologies,” he says. “If Solaris 10 
proves to be just as fast as Linux and 
more reliable, we'll implement it on 
commodity servers.” @ 52516 
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shifting regulatory terrain raises 
new obstacles for project managers.
BY STACY COLLETT


AT JET BLUE AIRWAYS CORP., Vice President of IT Todd Thompson mapped
out an aggressive IT schedule for a new payroll system and a slew of
other projects to be completed by the end of 2005. But the company’s
controller had different ideas.

“You can’t go live in the fourth 
quarter,” she announced. The reason: 
The Sarbanes-Oxley Act calls for the 
toughest oversight yet of companies’ 
financial reporting practices. As a re- 
sult, auditors now look at any new fi- 
nancial systems deployed in the fourth 
quarter of the year as red flags. 

Just when veteran project managers 
thought they had navigated the tough- 
est project pitfalls, the terrain has 
shifted. Regulations introduced over 


A LITTLE KNOWLEDGE


As young business managers get bet- 
ter versed in technology, IT project 
managers are finding that a little 
knowledge can be a dangerous thing. 
Business managers sometimes 
think they understand all the IT issues 
and don't invite input from IT staff, 
says Virginia Robbins, CIO at Chela
Financial Resources. “We've seen 
more team meetings [to launch new 
projects] where the technology 
[group] is not present,” says Robbins. 
But when these young guns miscal- 
culate, budgets can skyrocket. On one 
such project, IT folks finally came in a 


deadlines and budgets, drain staff and
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pression that someone is using up 


funds so they don’t lose them.
Fourth-quarter projects may also raise auditors’ suspicions that
upgrades or new software may have been added without the proper
controls in place.

Financial projects not scheduled with this in mind could be delayed
until the first of the year and perhaps even lose funding, or IT could
be pressured to bring projects live too soon.


Project managers
at financial services firms also face
other regulatory fallout, such as concerns
raised by the Fair and Accurate


the past few years are wreaking havoc
with otherwise solid project plans.
These changes can blow up project


force project managers into the role of
privacy police. Here are some of the
obstacles in the new project landscape.


WUAR R TRAPS 


CORT 


The 
reporting requirements brought on 

by Sarbanes-Oxley have controllers 
putting the brakes on financial IT proj- 
ects in the fourth quarter, says Holly 
Nelson, controller at Jet Blue. 

In the real world, most projects are 
completed in the fourth quarter, says 
Catherine Tomczyk, a project manager 
at First Data Government Solutions 
Inc. in Greenwood Village, Colo. But in 
the financial realm, big expenses near 
year’s end can give auditors the im- 


third of the way through, Robbins says. 
When they checked on the technical 
requirements, “the cost-benefit analysis 
changed by five times,” she says. 

Realizing she needed a player in the 
game, Robbins chose an IT manager 
and reinvented his role as a “business 
owner of IT.” He now represents IT 
business interests at every new project 
meeting. “He’s at the same level as 
these other managers,” she says. “He 
is their peer.” 

He's also the IT group's early- 
warning device, Robbins says. 

- Stacy Collett 





Credit Transactions Act and the Fair Credit Reporting Act, which govern
the storage and protection of consumer credit information.


At nonprofit student-loan provider 
Chela Financial Resources Inc. in San 
Francisco, students’ credit scores are 
required to process applications, but 
the need to protect that information 
can lead to audit overkill. “We’re work- 
ing on one project now where we have 
three lawyers involved in the early re- 
quirements phase” because the regula- 
tions regarding how the data can be 
stored and protected are so specific, 
says Virginia Robbins, CIO and a Com- 
puterworld columnist. “Historically, we 
would only have one.” 

The bottom line: “More opinions 
mean more time, more money, and the 
cost of the project goes up,” she says. 


NO AIN 


The USA Patriot Act is hampering the use of foreign nationals
in U.S. projects. The act includes
tight guidelines on the use of foreign 
workers on federal government proj- 
ects, and it restricts their access to 
company information and facilities. 
The effect on projects can range from a 
nuisance to a serious blow. 

At First Data, many members of 
Tomczyk’s team are foreign nationals.
“The day [the Patriot Act] went into 
effect, everything came to a crashing 
halt,” she recalls. “My lead architect, 
two top developers and my whole 
mainframe group — close to 15 people 
— had to move to another wing of the 
building. We had to find space that 
wasn’t in a secure area. We had to 
change IDs and passwords. They 
couldn’t come in after hours. They 
had to be escorted everywhere.” 

The result: lost time, increased ex- 
pense and lower morale. 


SUCCESS FACTORS

In November, The Standish Group International Inc., whose Project Chaos has been following project management successes and failures for more than a decade, listed its latest findings on what makes projects succeed. Here are Standish’s success factors (in bold), with some additional observations about how the difficult new IT landscape makes success even more elusive:

- User involvement. But lately, some users have not only taken the lead, they've also excluded IT from project planning.
- Executive management support.
- Clear business objectives.
- Experienced project manager.
- Minimal scope and requirements. Avoiding scope and requirement creep has always been a challenge, but now regulatory requirements are adding cost and complexity to projects everywhere.
- Iterative and agile process. Layers of regulatory red tape are further slowing project teams’ response times.
- Skilled personnel. The USA Patriot Act virtually cages foreign talent.
- Financial management. Lately, some financial officers are letting audit red flags dictate project calendars.
- Standard tools and infrastructure.


INTELLECTUAL PROPERTY PROBLEMS. In the Internet Age, intellectual property is on everyone’s mind. Too often, protecting it becomes the project manager’s responsibility. “Every time you change the look and feel of a Web site, you have to copyright it,” says Tomczyk. “Sometimes you’re turning it out so fast, it becomes [the project manager’s] responsibility to change copyright data.”

Protecting intellectual property is even more challenging when part of a project is outsourced. In India and much of Asia, contractual agreements about copyright protection can be virtually useless, says Gopal Kapur, president of the Center for Project Management in San Ramon, Calif. “Contracts don’t do anything [in India] unless employees have been trained” on copyright protection, he says.

Protecting sensitive company or 
consumer information is another chal- 
lenge. Kapur recently visited a medical 
transcription outsourcing firm in India 
and learned that medical information 
from U.S. patients was openly available 
on its databases. 

When part or all of a project is out- 
sourced, building in real protections 
against copyright and intellectual 
property abuses can eat up time and 
resources. @ 52510 





Collett is a Computerworld contributing 
writer in Chicago. You can contact her 
at stcollett@aol.com. 
Campbell is this month's
guest Premier 100 IT Leader,
answering a reader's ques-

I have been in the IT field since 1978 as a junior programmer and am working my way up to a system analyst. Presently, I am enrolled in a study program to achieve a certificate in IT project management and a secondary certificate in business analysis. What are the job prospects for this combination?

It's very encouraging to see that you are furthering your education. Continued learning and skill development are critical, given the pace of technology change and the highly competitive business environment. Project management skills have been in high demand over the past several years, and the demand seems to be increasing. Companies now realize the importance project management plays in successfully deploying technology solutions.

IT has been criticized for not delivering an acceptable return on investment. An organization that values and embraces a strong project management culture is more likely to generate a higher documented ROI on technology initiatives. Training in project management should entail more than just how to plan, organize, staff and manage a series of technical tasks. It's important to address the business aspects, such as business process flows, requirements gathering, user-acceptance testing and, most important, business change management.

Business analysts are often called 
upon to assist with the extraction, in- 
terpretation, development and docu- 
mentation of business rules, require- 
ments and test plans. Business ana- 
lysts might reside in IT or in a business 
unit. In either case, they need to have 
a thorough understanding of the busi- 
ness function they are supporting. 

The job prospects for someone with training and experience in project management and business analyst techniques are extremely good. I would encourage you to complete the PMP certification awarded by the Project Management Institute. Look for companies that have a formal project management office. You may be hired as a business analyst, project coordinator or junior project manager. From there, you can learn the business and will have opportunities in project management for the industry you have chosen.


LAST YEAR, overall salaries for IT professionals dropped to levels not seen since 2001, according to a survey Dice Inc. released this month. But professionals in defense and government-related industries were immune to the trend, probably helped by greater spending since Sept. 11,

2.6%, from $69,900 in 2003 to $67,800 last year, according to Dice, which surveyed 23,000 technology professionals.

One significant trend is that professionals in the government and defense sectors, as well as affiliated industries, saw their average salary rise from $64,600 to $66,500, passing their colleagues in both the manufacturing and Internet services sectors.

“The spending for homeland security and defense is the main factor,” said Scot Melland, CEO and president of Dice, which runs Dice.com, home of one of the largest online technology-focused job boards in the U.S.

The growth in the defense technology market was also mirrored by changes in geographical statistics. Survey respondents in San Diego and Los Angeles reported a higher increase in their average salaries than did their colleagues in Silicon Valley. Several defense-related companies are located in Southern California. And Melland said defense spending is probably the reason behind job growth in Washington.

- JOHAN BOSTROM, IDG NEWS SERVICE


The gender gap in IT salaries. But for all U.S. industries com-
that men enjoy over female employees is
OFFSHORE FOCUS


WHAT COUNTRY is gaining the most on India as a destination for offshore IT work? China and the Philippines might spring to mind, but they have nothing on Poland. Of course, Poland can’t compare with India for the sheer number of IT jobs it hosts. But according to a study by Frost & Sullivan Ltd., for the three years from 2002 through 2004, Poland had a compound annual growth rate (CAGR) of 40.11% for outsourced IT workers in captive companies - those owned by the outsourcing clients - and 58.72% for outsourcing service providers. In India, the CAGR was 11.36% for captives and 12.32% for service providers. Jarad Carleton, an analyst at Frost & Sullivan, says Poland's attractions include a highly educated workforce and financial grants the government has made available to all industries, including IT.

And how many jobs did companies in developed countries send offshore? During the period studied, the high-cost nations analyzed (see chart) increased the number of IT jobs sent overseas by 826,540, for a total of 7,599,540. @ 52541
BASE: Data collected over a three-year period (2002-04) through 600 questionnaires. All respon
ensure that they were decision-makers in IT matters. Employers covered in the report ranged in 

with fewer than 50 employees to global companies with more than 100,000 employees working in si 
& Sullivan also conducted interviews with company and government officials in 14 countries. 
SOURCE: Frost & Sullivan Ltd. 
Outsourcing

April 4-6, Los Angeles
Sponsor: Gartner Inc.

The Gartner Outsourcing Summit includes tracks on fundamentals of successful sourcing, changes and choices in the outsourcing marketplace, business process outsourcing, global sourcing and case studies.
www.gartner.com/us/itsourcing


Business Intelligence

April 12, San Jose
Sponsor: IDC

Business Intelligence and Business Process Forum topics include applying business intelligence, predicting the business impact of business intelligence projects, overcoming deficiencies in return-on-investment analyses, proven approaches to engaging across functional areas, and combining emerging technologies.
www.idc.com/events/events


Business Process Management

April 12-13, Chicago
Sponsor: BrainStorm Group Inc.

There are tracks for technology and business professionals. Tech topics include the business value of processes and standards, leveraging business rules, service-oriented architectures and business rules-engine case studies, and best practices. Business topics include business/IT alignment, business process portfolio management, enabling process innovation, leveraging process modeling and case studies.
www.brainstorm-group.com


Information Intelligence

April 19-21, Phoenix
Sponsor: Delphi Group

Topics at the Next Generation Search, Content and Knowledge Management Summit include increasing customer service quality and responsiveness, intelligent customer interactions, text analytics, data mining, implementing enterprise search, managing metadata, and risk management and best practices.
www.delphigroup.com








GEORGE TILLMANN


Innovation Doesn't Rust


“EVERYTHING that can be invented has been invented.”

This is the often-published quote attributed to Charles H. Duell, U.S. Commissioner of Patents in 1899, suggesting that the patent office be permanently closed, since there was nothing left to invent. This statement, it turns out, was somewhat premature and overly simplistic.

Similarly, there has been a lot of discussion recently about the predicted end of innovation coming out of IT and of IT as we know it. The most recent and most discussed predictions come from Nicholas G. Carr in his book Does IT Matter? (Harvard Business School Press, 2004). Carr sees historical parallels in the introduction, spread and eventual commoditization of all innovative technology, IT included.

He argues that an emerging technol- 
ogy can provide competitive advan- 
tage in the beginning, but that advan- 
tage quickly fades and innovation 
dries up as the technology becomes 
mature and ubiquitous. At that point, 
Carr says, we should stop assuming 
that it will provide future competitive 
advantage and treat it as a utility, 
where innovation is limited to control- 
ling costs and managing service risk 
[QuickLinks 37990 and 46432]. 

Some agree that the days of IT- 
enabled innovation are over. Everyone 
has computers, everyone has net- 
works, and everyone buys packaged 
software from the same suppliers. IT 
innovation is dead, so it’s best to hun- 
ker down and accept IT as a utility. 

But are these observers looking at the right IT? If you consider IT to be hardware, cables and silicon, then Carr and the others are probably correct. The advances attributed to IT can’t be maintained if everyone has what everyone else has. We saw this in the erosion of the advantages early computer adopters experienced decades ago.

The physical properties of the silicon and copper of computer hardware limit what we can do with them. Even Martha Stewart doesn’t have an infinite number of uses for pine cones and tofu. At some point, innovation simply becomes exhausted.

But there’s another IT, an IT of ideas 
that doesn’t grow old or become mar- 
ginalized. It’s this IT that created the 
innovative services that changed how 
we bank, build cars and communicate 
with the kids at summer camp. And if 
Carr is wrong, this may be the IT that 
cures disease, supports human colonies 
on Mars and maybe even makes sense 
of our taxes. 

This is the IT of software — an IT 
quite different from the one of silicon 
and copper, because software, next to 
poetry, is perhaps the most conceptual 
of human creations. Software is an ex- 
tension of human thought, and it will 
never be built out. Good innovators 
will always be able to stay ahead of 
their imitators. 

Innovative companies have known about the two ITs for years. For example, more than a decade ago, companies in the securities industry were competing to build the automated systems that gave us the hedging and arbitrage program trading of the late 1980s and early 1990s.

If you had visited the groups that 
developed these tools, you would have 
seen that they weren’t doing the data 
processing that produces your pay- 
check. This IT was a separate unit, of- 
ten at a separate location, staffed by 
people who might never have been in 
the main data center. This IT was fund- 
ed to create the systems they hoped 
would provide competitive advantage. 

These companies knew that the dif- 
ferentiator between a utility and an 
innovative development organization 
wasn’t the CPU, the disk drives or 
the networks; it was the minds of the 
individuals who created the software. 
Competitors, all using the same silicon 
and copper, produced results that 
couldn’t have been more different. 
And what was the cause of that differ- 
ence? Pure thought! 

Carr is partially right: Companies 
should rein in the costs of the com- 
modity IT that thrives on hardware 
and fiber. But IT for competitive ad- 
vantage demands a separate and total- 
ly different treatment. It’s not in dan- 
ger of coming to an end or running 
out of innovation. This technology 
will continue to provide competitive 
advantage for as long as there are cre- 
ative thoughts and a willingness to 
document them in programs. 

Oh, and about Patent Commissioner 
Duell’s comment that everything that 
can be invented has been invented: He 
never said it. Though often quoted and 
referenced, it simply isn’t true. Com- 
missioner Duell had more sense than 
that. @ 52446 


For more columns and links to our archives, go to www.computerworld.com/opinions
IT Careers: Diversity Role Models Respond to Challenge


Over the past decade one of the biggest challenges in attracting under-represented minorities and women to technical careers has been the lack of role models — people who have gone before and demonstrated that everyone has the opportunity to succeed. While the statistics relating to percentage of African Americans or Hispanics or women have not changed significantly over the past five years, the reality of being able to point to a significant leader who “looks like me” is gaining traction.

Two leaders identified as role models say there are two challenges for role models: demonstrating that role models are not celebrity entertainers or athletes and helping others realize the need for several role models, not just one.

Thaddeus Arroyo, Cingular Wireless’ first and only CIO for a group of 6,000 IT professionals, says the only constant role model throughout his life has been his father, who established work ethics and an approach for creating his own success. Arroyo was chosen one of the 50 most influential Hispanics by Hispanic Engineering and Information Technology magazine. Arroyo says one of the most common things he discourages is for an employee to look at a specific job — CIO or Director, for instance — and drive to gain that job. “The approach I have always taken is not to look five layers up (the career ladder) and say that’s who I want to be. Rather, I look at the leaders who are close to me, my direct managers or their bosses. This isn't about where you want to end up but where you want to go next, and then building the skills and experiences to get there. Otherwise, you're thinking so far ahead that you may miss out on building a skill set.”

Arroyo reiterates the need for multiple role models because lessons can be learned from every person and situation. He says the composite of leadership and technical skills that develops over a career generates success. He pinpoints that this approach allows professionals to focus on achieving something vs. gaining a specific title or job.

Roy Perry echoes Arroyo's focus. Perry, who is corporate vice president of global supply chain management for StorageTek, is recognized this month as a Superhero in the “Engineering the Future” exhibit at the Chicago Museum of Science and Industry. “It's difficult for a student to look at an engineer and say that’s exciting when they have rock stars and athletes that they see and hear every day,” Perry points out. “We need to show them that there is a place for them (in information technology and engineering) to design and create, that they may not be able to dunk a basketball but they can have a passion for this.”

Perry works to keep that passion, which he kindled as a child watching John Glenn and then through a series of teachers (and yes, he recalls Ms. Ward, Mr. Easton and Mr. Griffin by name). He believes it is critical to identify evolving leaders and then assure they have challenging assignments. “Sometimes I have to create that challenge,” he says. “If a bright, technical person is idle, he becomes bored and you lose them.”

Perry adds community responsibility to role model categories, in addition to leadership and technical role models. He says to watch role models in all three areas to learn how they make decisions, execute and carry through. “The community responsibility is important because it rounds out the engineer or scientist, helps them to understand that they have a responsibility to their own families but also to making the community a better place. If you don’t learn this, when you do become a corporate executive your view of corporate responsibility is quite diminished. We all need to think in a way that our company or business exists in this town, and this town should be better because we were here.”


Two challenges for role models: Demonstrate that role models are not celebrity entertainers or athletes, and help others realize the need for several role models, not just one.


Sr. Software Developer. Job in 
Tallahassee, Florida. Respon 


Software Engineer in Westmins- 
ter, CO: Develop aigorithms in 


Cambridge Resource Group. inc
needs top-notch professionals 
wi/consulting exp. in some of the 
following areas or combination 
thereof: Java, JSP, JDK, J2EE 
XML, JOBC/ODBC, Websphere 
MQ Series, EJB, STRUTS, Un- 
ix, ECommerce, PowerBuilder, 
Oracle Financial Applications. 
PUSQL, SQL*Plus, SQL Load- 
er, Developer 2000, Forms, Re 
ports, TOAD, OracieDBA, Orac- 
le, C, C++, VC++, Erwin Data 
Modelling/Designing, Interwov- 
en TeamSite, ASP.NET, C# 
Visual Studio.NET, XML, XSLT, 
SQL SERVER 2000, Oracle 
Developer 2000, Crystal Re- 
ports, Sun Solaris, Dataware- 
house, COGNOS, Informatica, 
Datastage, COBOL, JCL, V- 
SAM, CICS, DB2, MVS, IMS. 
VSAM, Teradata, EDI Gentran 
Mercator, AS/400, Lotus Notes. 
PeopleSoft HR/Financials, SAP 
R/3 and ABAP/4, Visual Basic 
ATLCOM/DCOM, CORBA, Tux- 
edo, ColdFusion, WinRunner 
Silk, LoadRunner, Rational 
Suite, SQA Suite, Visual Basic 
MS SQL Server, BaaN ERP, sqi 
server, Test Director, Rational 
ional Test Manager. 
arQuest, Rational 
PVCS, QTP, Cry 
orts, Activereports, Cor 

Artifical inte 

Requires A 




sible for development & mainte- 
nance of existing code base for 
records management ware 
mn multi-tier program environ 
ment using component based 
object oriented methodologies. 
Duties include analysis of req's 
developing code base, & prepa 
ration of technical documenta- 
tion. Position requires instaila- 
tion and configuration of record 
and document management 
software and troubleshooting 
defects reported by QA and 
Support. Req’s: Bachelor's de 
gree (or fore 

CS, EE or CE plus 4 yrs experi- 
ence in job offered position or 4 
yrs exp in relate 
a Software E 
ware Deveic 
9am-5pm 


ation as 


resume to Age 

force innové 

10869, Tallahassee, F 
RE JO FL #2614742 


Share Logic 
rf the follow 
work at client 
the United States 
Software Engineer wit 


Peoplesoft Software Engineer 


with experience Pe 


System Administrator wit 


rack 


SAP Developer wit! 
SAP R/3, ALE 


flow, Java and BAP 


Share 


decision-based technologies for 
company’s applications in finan- 
cial analysis. Work w/ Manager 
&/or Sr. S/W Architect to develop 
Strategies for applying s/w and 
h/w technologies to applications 
under development. Participate 
in s/w dev projects from concep- 
tual-design through implementa- 
tion & testing. Use state-of-the- 
art s/w technologies w/ empha- 
sis on object-oriented technolo 
gies. Coordinate efforts with po- 
tential users and developers to 
ensure user requirements are 
covered in design and imple 
mentation. Provide ongoing sup- 
port, consulting & system en- 
hancements after release. BS 
in Comp Sci, Comp Eng, Math 
or related or foreign equiv, + 2 
yrs exp in job offered or in s/w 

programming/analysis, or 
design. Req. course work in lin. 


artificial intelligence & object-ort 
ented technologies & develop- 
heories. Exp to have 

d Microsoft Windows 
Operating Systems, Microsoft 
& C++. 40 hrs/wk, 9am. 

7? 542/yr. Application by 

ne only. Respond to Work 
Development Programs. 
COMPUTER PROFESSIONALS
Opportunities for
+ SYSTEMS/BUSINESS PROGRAMMER ANALYSTS
* PROCESS CAPABILITY ANALYST
* QC ANALYST
* WEB ARCHITECTS
DEVELOPERS
SYSTEMS ANALYSTS
+ WEB GRAPHIC DESIGNERS
NETWORK ENGINEERS
PROGRAMMER/ANALYSTS
SOFTWARE ENGINEERS
WEBSPHERE
* IBM MQ SERIES + XML,UML
* MTS + CLARIFY + PERL


SAP Development Lead (APO &
BW Snr lev experience.
intensive lead SAP applic
development role to
requirements, analyze
manage overall development
testing & support highly complex/customized
SAP’s “Advanced Planner &
Optimizer” (“APO”), Business
Warehouse ("BW") & R/3 systems
implemented globally Will
also technically mentor less
experienced SAP staff, perform
resource allocation & budget
estimates. Technical oversight
responsibilities ire 24/7 on
call availability. Requires a Bach
degree (or equivalent) in MIS
Comp Science, Computer Engineering,
Electrical Eng, Math
or relevant field plus
job offered OR 7


application develop


add-ons to
ASSOCIATE PROGRAM-
comp. Soft. Prgms. Req'd
MS in CS; exp
HTML, Java, SOL
Solaris. Resumes: Forest
Laboratories, Inc. 500 Commack
Road, Commack, NY
11725. Attn: C. Cantalupo
Computer Professionals


Computer Consultants. Inc 
needs top-notch professionals 
w/consulting exp. in some of the 
following areas or combination 
thereof: Java, JSP JDK J2EE 
XML, JDBC/ODBC, Websphere. 
MOQ Series, EJB, STRUTS, Un 
ix, ECommerce, PowerBuilder. 
Oracle Financial Applications 
PL/SQL, SQL*Plus, SQL Load 
er, Developer 2000, Forms, Re. 
ports, TOAD, Oracle DBA, Or 
acle, C, C++, VC++, Erwin Data 
Modelling/Designing, Interwov- 
en TeamSite, ASP.NET, C#, Vis: 
ualStudio.NET, XML, XSLT, SQL 
SERVER 2000, Oracle, Devel 
oper 2000, Crystal Reports, Sun 
Solaris, Datawarehouse, COG 
NOS, informatica 
COBOL, JCL, VSAM 
DB2, MVS, IMS, VSAM, Tera- 
data, ED! Gentran/Mercator 
AS/400, Lotus Notes, People: 
Soft HR/Financiais, SAP R/3 
and ABAP/4, Visual Basic. 
COM/DCOM, CORBA, Tu: 
WinRunner 
Rational Suite 
SQA Suite, Visual Basic, MS 
SQL Server, BaaN ERP, sqiserv 
st Director, Rational Robot 
Rational Test Manager, Rational 
ClearQuest, Rational Requisite 
Pro, PVCS, QTP, Crystal re- 
ports, Active reports, Corba 
SAP, Artifical Intelligence, SAS. 
Top $. Requires Master's/Bach 
elor's degree w/1 to 5 yrs of pro. 
fessional exp. Must be willing to 
travel to client sites throughout 
the U.S. Please email resume to 
resumes@computerconsultant 
inc.com or mail to CCI INC, 222 
Turnpike Rd, Suite 9A, West- 
boro, MA 01581 


SYSTEM ANALYST 


Analyze business and all other 
data processing problems for 
application to electronic data 
processing systems. Analyze 
user requirements. procedures, 
and problems to automate or 
improve existing systems and 
review computer system capa- 
bilities, work-flow, and schedul- 
ing limitations. Bachelor of Sci- 
ence in Computer Science and 
two years experience required in 
Java, Java-script, HTML, C++ 
Windows, Oracle, MS Access 
Unix, Fox-base, COBOL, and 
Perl. $74000 per year. Qualified
applicants submit resumes to 
Samuel J. Grosso, Vice Presi- 
der Kimso Apartments, Inc 
240 Parkhill Avenue Staten 
Island, NY 10304 


Amtex Systems seeks Software 
System Engineers, DBA to 
design Oracle/DB2, web-based 
applications. Req: MS or BS 
with exp. Job site: various of the 
country including Detroit, MI 
Travel maybe required for some 
positions. Please send resume 
to info@amtexsystems.com 
EOE 

Computer Contract Services. 
Inc. has openings for Sr. IT 
Consultants. Job site: Ann Arbor 
Michigan. Minimum requirement 
is BS with 2-yr experience using 
the SAS system, Unix & NT plat-
forms. Competitive wage with
full benefits. Please contact 
ken.schmidt@ccsiteam.com 
EOE 


Oracle Database Administra- 
tor: To administer Oracle 
RDBMS, 9i App Server, Ap- 
plications 11.0.3 (Financials) 
Oracle Collaboration suite. FT 
position & competitive salary. 
Requires: MS - Information 
Management or computer sci- 
ence, 3 yrs experience, & 
Oracle Certified Professional 
Send resumes to: Karen 
Cumber (Administrative As- 
sistant) HR, Allen Lund 
Company, 4529 Angeles 
Crest Hwy, #300B, La 
Canada, CA 91011 or E-Mail 
to resume@alleniund.com. 


INFORMATION TECH 
RevereData LLC seeks candi- 
dates for the following positions 
in downtown SF 
Sr. System Administrator 
Exp in design & support of real- 
time financial systems on multi 
platform environ. 

Senior Architect - Exp in des. 
ign architecture of applications 
in the multi-tier, multi-platform 
environ 

Data Architect - Exp in data 
modeling ORACLE ETL 
OLAP, ERD, UML, IDEF1X 
J2EE, Unix Shell 

Senior Software Engineer 
Exp in Java/Web UI developer
3+ yr., Oracle, J2SE, XSLT, 
DHTML 

Senior Database Admin. - Exp 
w/Oracle/MS SQL on multi-plat 
form environ 

Software Engineer - Real-tir 
Software developer w/exp in C. 
C++, TCP/IP networking, IP pro- 
tocols design, Oracle 

To Apply: Send resume wi/refer- 
ence to position sought to HR 
Department, Revere Data, Jobs 
LCOS, 222 Sutter St., Suite 450 
San Francisco, CA 94108 


Research Engineer for EM 
s/w development with MS in 
EE or related field & min 3 
yrs exp in FDTD code 
development. Duties in- 
clude: developing efficient 
serial & parallel CFDTD 
Maxwell solver engines on 
a PC cluster & tools for 
visualization of the simulat- 
ed results. Mail resume to: 
RM Associates (RMA), 
1211 Deerfield Dr, State 
College, PA 16803-2207, or 
fax to 814-865-1299 


Software Engineer wanted by 
AS Systems working in Austin 
to develop S/W on CTI, call 
center IVP using skills such as 
TSAPI, TAPI & integration with 
AVAYA, Nortel switches, em 
bedded system programming 
Please send resumes to 9600 
Greant Hill Trail, Ste 150W. 
Austin, TX 78759. 


Internet Operation Center 
(1O0C) seeks software/project 
engineers, analysts, DBA. Dut- 
ies include quality assurance, 
use Oracle, Web Tech, VB, 
DB2, ASP, C/C++, XML, Java 
Script. Must have MS or BS 
plus experience. Job site 
Southfield, MI. Please apply at
resume@iocenter.net. EOE 


Programmer Analyst: Design 
develop, analyze, test, and rec- 
ommend software requirements 
for database applications as well 
as develop and perform data- 
base management for leading 
industry clients. Use object-ori- 
ented programming using 
Oracle, Java, Perl, XML, Solaris
Web logic, C++ and current Web 
Technologies in Windows, Unix 
and Linux environments. Need 
Bachelors Degree in Comp 
Science or MIS or related & 2 
yrs of exp. Send Resumes to 
HR. Asset Optimization Group. 
Inc., 11200 Richmond, Suite 
470, Houston, TX 77082 or E- 
mail: hr@aogtech.com 


Systems Administrator sought 
by North American Color, 
experienced with Network 
Design, Installation, Mainten- 
ance, Troubleshooting, Admin- 
istration, and Disaster Recov- 
ery skills. Applicants must 
have MS/BS in Computer Sci- 
ence or Engineering with relat- 
ed experience. NAC provides 
a competitive salary and bene- 
fits. Send Resume to: HR 
Dept., 5960 S. Sprinkle Road, 
Portage, MI 49002 or email to
funger@nac-mi.com. EOC 
SYSTEMS ANALYST


Analyzes user requirements. 
procedures and problems to au- 
tomate processing or to improve 
existing computer systems. BS 
in CS or IS or eng. or math-relat 
ed and 2 yrs. Exp. in job offered 
Must be able to travel. Incl. in 
the 2 yrs., must have 2 yrs. exp. 
with various computer skill sets 
such as: C#, VB.NET, ASP .Net 
ADO.Net, Visual Basic, ASP 
COM, ActiveX, JAVA, C++, D- 
HTML, VBScript, XML, .NET & 
J2EE architecture, WinForms 
WebForms, Web Service: 

stal Report 9.0 Designer, C 

MS SQL Server, MS Acc 
Diagram, MS SharePoint & S 
Sales Module and SDLC 
Hrs./wk. 9 to 5, Mon-Fri 
overtime. $57,450/yr. Apply re 
sume to Attn Nagesh Ganta 
Capricorn Systems, Inc., 3569 
Habersham-at-Northlake, Build 
ing K, Tucker, GA 30084 


VLS Systems has openings for 
the following positions to work at 
client sites throughout the Unit 
ed States: Software Engineers 
Programmer Analysts, DBA's. 
and Project Managers with ¢ 
perience in any of the following 
tools and technologies: Java
Technologies, Informatica, Bus- 
iness Objects, OOA/OOD, Orac 
le Technologies, Solaris, Lotus 
Notes, Domino, ETL Processes 
Hyperion Essbase, MS Analysis 
Services, Datawarehouseing 
Perl, Tuxedo, DTS, Websphere. 
Weblogic, Rational Rose, XML 
XSL, PL/SQL, C++, BRIO, ERP, 
SAP, EJB's COM, AS/400 
DCOM, Peoplesoft, SQL Server, 
T-SQL, Shell Scripts, COBOL 
JCL, JMS, Swing, Entity Beans 
DB2, EAI, Biztalk, and .net tech- 
nologies including ASP, ADO 
VB and C#. Send resume to 
VLS Systems, 9900 Main Street 
Ste. 304, Fairfax, VA 22031 


Technical Writer, Northport, AL 
Analyze & document client busi- 
ness processes to integrate 
technology. Prep. system & pro: 
gram specifications; document 
program & system logic; prep. & 
maintain user guides & technical 
manuals; monitor system chang- 
es; develop & document recov- 
ery plans, standard ops proce 
dures & equip. maintenance 
Req: Bachelors (or foreign 
equiv or eqiv. in experience and 
or education in Computer or 
Business fields + 2 yrs exp. in 
job or 2 yrs performing technical 
documenting of business sys: 
tems. Mail resume to Applied 
Infotech, 501 Bridge Ave. 
Northport, AL 35746. 


Test Engineer

Develop and debug complex ICT test programs on the HP3070. B.S. Elec or Comp Eng. req., Extensive knowledge of HP3070 platform req. 2 yrs exp. req. Comp. salary. Email resume to John@apgtest.com. APG Test Consultants. Longmont, CO.
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Staffing Agencies 


Place your
Labor Certification
ads here!
Are you frequently placing legal
or immigration advertisements?
Let us help you put together a
cost effective program that will
make this time-consuming
task a little easier.
Contact: Danielle Tetreault at:
800-762-2977
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Be sure to take advantage of this 
great opportunity to brand your 
company or display your recruitment 
message in IT Careers amid these 
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Contact us: 
800-762-2977 


Visit us at: 


www.itcareers.com 
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PROGRAMMER/ANALYST to analyze, design, develop and support application software in a client/server environment using object oriented analysis, C, C++, VC++, MFC, COM/DCOM, COBOL, DB2, MS SQL Server, Oracle, SPll, IVR, CTI experience with Intel Dialogic APIs and Visual Studio on Windows NT, XP, UNIX and IBM MVS/OS290 platforms. Require: B.S. degree in Computer Science/Engineering or a closely related field with
job offered or
Extensive travel on assignments to various client sites within the U.S. is required. Competitive salary offered. Send resume to SatishKumar Ashok, CSR Data Syster nc., 21 Crestwood
ataway, NJ 08854


Didn't find the IT Career Opportunity you were looking for? Check back weekly for


design, develop
application software using Java, EJB, JDK, JSP, Servlet BC let, HTML
Weblogic, FrontPage, Flash and Oracle t 1 Windows operating system. Require: B.S. degree in Computer S
eering discir a closely related field with 2 yrs of exp in the job offered or as a Software Engineer. Extensive travel on assignments to various client sites within the U.S. is required. Competitive salary offered. Send resume to: Shilpa Chaudhry, Elite Solutions, Inc 1670 Reserve Way, Ste 203, Decatur
30033; Attn: Job CS
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Place your 
Labor Certification 
ads here! 


Are you frequently placing legal 
or immigration advertisements? 


Let us help you put together a 
cost effective program that will 
make this time-consuming task a 
little easier. 
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Danielle Tetreault 


800-762-2977 
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CW022805N 3 


IT consulting firm located in 
Vermont has multiple openings 
for IT 
multiple clients throughout the 
U.S. Job duties include: Analy 


professionals to serve 


sis, design, development and 
testing of come 
Specific skill 


tude 
clude 


Net Devel 
J2EE Develo 
Data warehousing 
Cognos/Inforr 
Business Obje 
Database Dev 
Oracle or DBZ 
Hyperio 
+ QA Testers 
+ ERP Const 
f 


Peoplesoft/SAF 


SOFTWARE 
sign, develop 
mplement 
based appli 
and business 
tions using Java 
Visual Basi 
ASP 
3s 
ing systems 
gree in Computer 
Engineering dis 
closely related; M 
demonstra’ 
the stated di 
academic 
work exp 
assignment to var 
sites within the U.S ii 
Competitive salary offered. Ar 
ply by resume to: Steve Atkins 
Computer Technology S 
Inc., 2800 Milar ur 
Birmingham, AL 352 
SM 


SENIOR SOFTWARE ENGINEER design, develop, maintain and implement Oracle applications, focusing on HR, Payroll and OAB modules, using Oracle, PL/SQL, SQL, SQL*Loader, SQL*Plus, Developer 2000 (Forms/Reports), Ti Java, JSP, HTML, DHTML, JavaScript, XML and XSLT under UNIX and Windows operating systems. Mentor junior programmers and engineers. Require: B.S. degree in Computer Science, an Engineering discipline, or a closely related field with 5 yrs progressively responsible exp in the job offered or as a Programmer/Analyst or Programmer. Extensive travel on assignments to various client sites within the U.S. is required. Competitive salary offered. Apply by resume to Srinivasa R. Manne, Methodex Consulting Services, Inc., 1517 W. Irving Blvd., Irving, TX 75061; Attn: Job DP.


PROGRAMMER/ANALYST to analyze, design, develop, test, implement and document computer software for business and financial applications using Java, SQL, HTML, Java Script, Lotus Notes, Lotus Script and Domino under UNIX and Windows operating systems. Require: B.S. degree in Computer Science, an Engineering discipline, or a closely related field with 2 yrs of exp in the job offered or as a Programmer. Extensive travel on assignments to various client sites within the U.S. is required. Competitive salary offered. Apply by resume to: PishuHarjani, Focus Software, Inc., 22 Perimeter Center East, Ste 2205, Atlanta, GA 30346; Attn: Job SJ


Data System Programmer 
Design & develop an unemploy- 
ment insurance & payment pro- 
essing app! based on existing 
mainframe systems currently in 
place for State of SD. Rewrite 
netary determination process 
ve efficiency & r 
anual process. Design, devel 
& deploy a new web-enabled 
nterface so that eral 
file new & addit 
through the 
40hpw, 7:36 
Bachelor's degree 


related fi 


eld 


a Sfware E 
Jevelopmen 


haere aelet es 


COMPUTER 


Project Engi 
and other ations 


sought to serve as a 


ware develc 
medical image network r 
ment system. Duties in 
ordinat 

lead througho' 


and directing 


neers and t 


M 


or HTML 





SYSTEMS SUPPORT SPECIALIST to provide tech. support to employees; configure, maintain & back-up workstations & Windows 2000/2003 servers w/ US & MS SQL; Develop secure samba infrastructure for file server; Create, develop & maintain an unattended Windows installation infrastructure for automatic install. of all Windows operating systems w/ the latest updates, firewall configuration & security lock down of servers and workstations; Test security updates & service packs to ensure compatibility w/ existing applications & infrastructure; Maintain & troubleshoot mail, DHCP & DNS; Perform network backups w/ Veritas Backup Exec; Maintain a FlexLM license server & a server that scans e-mail for viruses/spam before forwarding it to the exchange server for delivery w/ sendmail, mime-defang & spamassassin; Build servers & workstations; Troubleshoot LAN/WAN/VPN connectivity; Maintain server & network docum. Require BS degree in Computer Science, an Engineering discip., or a closely related field w/ 2 yrs of exp in the job offered. Competitive salary offered. Send resume to HR, Praxis 3 P.C., 1776 Peachtree St, Ste 520 South Tower, Atlanta, GA 30309; Attn: Job DR


Systems Analyst: Analyze customer requirements, procedures & problems to automate processing to improve existing computer technology, or for installation of new/replacement computer systems; confer with customers to analyze current operational procedures, identify problems & determine possible solutions; upgrade new/existing computer technology & correct errors in the system after implementation. 40 hr. per wk, 7:30AM - 4:30PM, $18.86/hr, depending on qualifications and exp., B.S. in Systems Analyst or Computer Science, 2 yr exp job offered or 2 yr exp related occupation in computer hardware/software installation, diagnosis & repair. Exp. must include: integration of MS Windows and UNIX operating systems, network installation, security & troubleshooting; & Linux. Microsoft Certified Systems Engineer or ability to obtain same prior to employment. Exp. may be gained concurrently. Send Resume to: Agency for Workforce Innovation, P.O. Box
10869, Tallahassee, FL 32302- 
JOFL#2614456 
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Software Engineer IV - 
Web Technology 


Waltham, MA Prov 
ceptual & technica’ 
complex business 
problems. Plan 
t & implemen 
external websites & 
the teleco at 
try. Develop back wet 
tems & ensure quality, se 
integn f informatior 
& 
ir 
telecom 
n-tier arc J 
oriented techniques 


the impleme 

Web systems & work with the 
end user in the requirements 
gathering as well as software 
development. Pc requires 
a Bachelor's dec hi 
Engineering or Computer Sci 
ence & 2 yrs of experience in the 
job offered or in the ated 
occupation as ar ygineer 
yrs of experience ist include 
experience with Corba, 
J2EE, Unix & Oracle. 9-5, M-F 
40 hrs/wk. $60,500, Submit 
2 copies of resume to Case 
#200300533, Division of Career 
5 ces, Labor Certificatio 

19 Staniford Street, 1st fir 

MA 02114 


SOFTWARE QA ENGINEER t 
design, develop and exec 
test plans and test cases for 
web-based applications; Create 
and execute automated testing 
scripts and mar 
tests using W 
Director, Oracle, SQL 
MS Access, ASP, HTML 
Script, C, C++, UNIX S 
JavaScript on Windows a 
IX platforms; Perform GUI! 
tional, integration and 
sion tests; Review and 
test programs, test plans 
test scripts developed by 
Analysts; Train and mentor team 
members in the use and ir 
mentation of automated test 
tools. Require: M.S. degree 
Computer Science/Engineerin 
or a closely related field with 1 
of exp in the job offered or as a 
Software QA Programmer. E 
tensive travel on assignment to 
client sites within the 
is required. Competitive 
salary offered. Apply by resume 
to: Vishy Dasari, President 
Objectnet Technologies, Inc 
1117 Perimeter Center West 
#E-104, Atlanta, GA 30338; Attn 
Job AN. 


Liaise wiir 


multinat 


»perational 
thru appropriate coord. 

house resi es & overseas 
dut-source ftaking of maj 
or s/w dev. contracts and exe 

uting projects e global 
execution mod jate corp 
lients on emergi 

vations & developme 

effective di 


nth 


Software 
McCarthy & 


95) 


model. test and 
web 


tabases 


y related field; M 
demonstrated ahiiity to 
the stated duties gained throug 
academic coursework/previc 
work experience. Extensive tra 
vel on assignment various 
lient sites within the U.S. is re 
quired. Competitive salary of 
fered. Apply by resume t 
Steve Atkins, Computer Technol- 
ogy Solutions, Inc., 2800 Milan 
Court, Ste 213, Birmingham 
35211; Attn: Job RD 
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Continued from page 1 
Testing SP2


Gartner Inc. predicts that half of enterprise XP desktop systems will be running SP2 by year’s end. But Gartner analyst Michael Silver said sporadic reports of applications being broken by the software prove the need for careful testing, “since there’s no easy way to tell which applications may break and which will be OK.”

Lengthy Process

And the testing clearly takes time. Jean Delaney Nelson, CIO at Securian Financial Group Inc. in St. Paul, Minn., said her company’s SP2 project started in August, when the IT staff began researching which parts of the service pack it wanted to install. Securian then created and started testing operating system “builds” with applications, a process it expects to complete in May.

So far, Securian has identified a half-dozen applications that have issues with SP2, including some software that vendors haven't certified for the update, Delaney Nelson said. She added that none of the problems are major, but Securian won't be ready to start deploying SP2 to its 575 XP machines until July. Most of the company’s 2,500 desktop machines run Windows 2000.

“SP2 is not just like a patch. It’s almost like a whole new version of the software,” said John-Mark Tucker, IT manager at Red Dot Corp. in Seattle. “It really should be considered an upgrade, and that should trigger more precaution.”

But beyond isolated problems, Red Dot’s SP2 installation has gone smoothly and is helping to protect the company from malicious attacks, Tucker said. A virus infected Red Dot’s network during the SP2 testing period, but it had no effect on the machines running SP2, he noted.

Red Dot, which makes heating and air-conditioning systems for large vehicles, participated in Microsoft’s Technical Adoption Program and tested some 25 applications — including ERP and computer-aided design software — against new builds of SP2 during the beta period. Tucker estimated that the testing process took three to four days for each new build.

Correction

The name of Tim Dougherty, director of IBM's BladeCenter server division, was spelled incorrectly in a story in the Feb. 21 News section (“IBM, Sun Look to Simplify IT infrastructure”).

But some companies have hundreds of applications to test and still aren’t ready to begin deploying SP2.

For example, Edmonton, Alberta-based Atco I-Tek Inc., the IT arm of Canadian energy and logistics company Atco Ltd., supports more than 600 operational applications on its XP systems, according to Bruce Schmidt, leader of Atco I-Tek’s workstation architecture team.

[Photo caption, partly illegible: “… has started SP2 … will take months to complete.”]

“Smaller software vendors don’t seem to be ready to commit to SP2 compatibility,” Schmidt said. “Others will only commit with the latest product release, which is not always what is currently being used.”

Only about a dozen of the company’s 4,000 XP desktops have been updated to SP2. Schmidt said that thus far, most problems have been related to the new Windows Firewall technology. A looming concern moving forward is distributing the “jumbo-sized” SP2, he added.


At the Kentucky Department of Education, the only difficulty associated with its SP2 deployment was insufficient disk space on some systems, noted Tim Cornett, a network engineer at the agency.


SP2 checks in at 265MB, although Microsoft says the amount of code installed on systems could be smaller because the update is a “smart download” that will install only what the user actually needs. The average download for Windows XP Professional users is expected to be about 100MB, according to a Microsoft spokesman.

Microsoft claimed that a November survey of 800 enterprise customers who attended its educational workshops on SP2 showed that 77% planned to deploy the update during the next six months.

“We understand that many of our enterprise customers have very complex environments,” said Jon Murchinson, a Windows group product manager at Microsoft. “We advised in August that they proceed with testing before they rolled it out to the general populace.”


Microsoft’s New Browser Plan Miffs Win2k Users

THIS MONTH's announcement by Microsoft Chairman Bill Gates that Internet Explorer 7.0 will be made available only to users of Windows XP SP2 and the upcoming Longhorn release of Windows isn't sitting well with some IT managers.

Although corporate users contacted last week said they're happy about the security-focused improvements that Microsoft plans to make to its Web browser, several added that they think IE7 should also be supported on Windows 2000.

“Windows 2000 was built for the Internet and bought with good-faith expectations on security,” said Charlie Ward, manager of IT architecture at Duke Power Co. in Charlotte, N.C. “If IE7 works only on Windows XP SP2 and above, Microsoft is forcing customers with no other compelling reason to upgrade to spend additional money to protect themselves from flaws in Microsoft's products.”

Microsoft last week declined to comment about IE7. A company spokesman said more details will be made available when the first beta is released.

Gates said during a keynote address at the RSA Conference 2005 in San Francisco two weeks ago that Microsoft expects to deliver a beta version by “early in the summer.” He vowed that IE7 will add “a new level of security,” including stronger defenses against phishing attacks, malicious software and spyware. But the earliest edition of Windows that will be supported is XP SP2, Gates said.

Martin Colburn, chief technology officer at the National Association of Securities Dealers Inc., said the industry standard is typically to make improvements backward-compatible for the previous one or two releases. He added that it would make sense for Microsoft to do the same, since the company has had “notoriously weak security” in its products.

“If [users] want a level of security that probably should have been there with the product all along, they've got to upgrade,” Colburn said. “That's a little bit challenging for customers that have already set out their upgrade schedules.”

Kindred Healthcare Inc. has about 11,000 desktops running Windows 2000. Because the Louisville, Ky.-based company plans to skip XP with the exception of tactical situations, it will have to wait for Longhorn to get IE7, said Rob Rhodes, a technical consultant at Kindred.

The desktop version of Longhorn is expected to be released next year. Microsoft originally planned to deliver IE7 and Longhorn at the same time.

But Craig Roth, an analyst at Meta Group Inc., said Microsoft wants to show that it's “not standing still” as the open-source Firefox browser continues to gain users. The new IE7 plan “has a bit of a freezing effect on companies that might have been thinking about changing browsers,” Roth said.

Roger Wilding, a senior tech- 
nical engineer at a global ship- 
ping and supply chain services 
company, said Microsoft is up to 
“its old tricks” with IE7. “They 
weren't going to do a new IE until 
Longhorn came out,” he said. 
“Now there is a threat out there, 
Firefox, so they are reacting - but 
only a little bit.” 

Yet Wilding said his company, 
which he asked not be identified, 
has no plans to switch browsers. 
“Firefox doesn’t work on some 
intranet sites we have, and there 
is no central way to patch it,” 
he said. 

Some users were sympathetic 
to Microsoft's plight. “As a soft- 
ware guy myself, I’m well aware 
of the time and cost to do back- 
ward compatibility,” said Jeremy 
Lehman, CIO at New York-based
Thomson Financial. He added 
that it's “better to have some- 
thing now than wait another year 
for a perfect solution.” 

- Carol Sliwa 
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Paris Hilton & You 


IT DIDN’T REQUIRE a California law for data-theft victims to
be notified after Paris Hilton’s phone book hit the Web a week 
ago. Oh, they knew. Dozens of celebs, ranging from rapper 
Eminem to tennis babe Anna Kournikova, suffered through 
hundreds of calls from fans, pranksters and anyone else who 
found the contents of Hilton’s T-Mobile cell phone on the Internet. 
There were also snapshots, to-do lists and transcripts of Hilton’s 
text-messaging chats. But what caught headlines were the phone 
numbers of all those poor, beleaguered B-listers, suddenly out there 
where any nobody with a dialing finger could call them. 
C’mon, stop snickering. I’m getting to a serious point here. 


See, Hilton thought all that personal data 
was on her cell phone, tucked safely away in 
her ... well, wherever she keeps it. But she was 
wrong. The data’s real home was on T-Mobile’s 
servers. Her Sidekick II phone stored the data 
there automatically, just as it was designed to. 

That arrangement means the data won’t be 
lost if the phone is damaged or the batteries die. 
But it also means that if anyone were to hack 
into T-Mobile’s servers, they’d have access to 
whatever Hilton put in her phone: pictures, 
documents, phone numbers, the works. 

And T-Mobile’s servers have a history of be- 
ing hacked. In October 2003, intruders got into 
T-Mobile’s customer databases and acquired 
passwords and other information that, in turn, 
let the bad guys access customer accounts. 
Hilton’s account information was reportedly 
compromised at that time. 

So was account information for a hotshot U.S. 
Secret Service agent, Peter Cavicchia. Cavicchia 
didn’t store the numbers of celebrity friends 
on his phone — that is, on T-Mobile’s servers. 
He stored material linked to ongoing Secret 
Service criminal investigations. 

According to the New York Daily 
News, that allowed one or more 
hackers to access numerous Secret 
Service documents, including re- 
ports, requests for subpoenas and 
a confidential treaty with Russia. 

Cavicchia has since left the Secret 
Service, which says the security 
breach didn’t compromise any on- 
going investigations. And last week 
22-year-old Nicholas Jacobsen 
pleaded guilty to the 2003 T-Mobile 
break-in. He’ll be sentenced in May. 

Now think: If a Secret Service agent stored sensitive information on his phone, how many of your users have likely done the same thing? And even if you’ve warned them to guard their phones carefully, how many have unknowingly stored sensitive company documents or data on a cell phone company’s servers, where the only thing standing between that data and hackers is security you have no control over?

You can’t protect that information. You don’t 
even know what information is at risk. And 
your users don’t even know it is at risk. 

Not snickering now, are you? We’re not talk- 
ing about glitterati inconvenience and embar- 
rassment any more. This is about your job: pro- 
tecting your company’s data. 

What can you do? You could ban the use of state-of-the-art cell phones (which won’t work). Or you could carefully audit every user’s phone account for security (which would add a huge amount of work).

Or you can once again take on the challenge of educating your users. You can explain the risks of storing company data on their phones. And offer guidance about what data is safest to keep on which phones. And encourage them to consult with IT to keep potential problems to a minimum.

Yes, that’s still a big job. It will 
require educating yourself on cell 
phone risks, too. But if you can get 
users to understand what’s on the 
line, maybe you can get them to 
help you keep that data secure in- 
stead of fighting you. 

After all, you don’t really want 
to end up like Paris Hilton, do you? 
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